diff --git a/pkg/crypto/keys/publickey.go b/pkg/crypto/keys/publickey.go
index 0daa0431c..7eac8931f 100644
--- a/pkg/crypto/keys/publickey.go
+++ b/pkg/crypto/keys/publickey.go
@@ -333,7 +333,7 @@ func (p *PublicKey) Address() string {
 // Verify returns true if the signature is valid and corresponds
 // to the hash and public key.
 func (p *PublicKey) Verify(signature []byte, hash []byte) bool {
-	if p.X == nil || p.Y == nil {
+	if p.X == nil || p.Y == nil || len(signature) != 64 {
 		return false
 	}
 	rBytes := new(big.Int).SetBytes(signature[0:32])
diff --git a/pkg/crypto/keys/sign_verify_test.go b/pkg/crypto/keys/sign_verify_test.go
index 405a99c9d..7e0b8b217 100644
--- a/pkg/crypto/keys/sign_verify_test.go
+++ b/pkg/crypto/keys/sign_verify_test.go
@@ -52,6 +52,9 @@ func TestPubKeyVerify(t *testing.T) {
 		expected := true
 		assert.Equal(t, expected, result)
 
+		// Small signature, no panic.
+		assert.False(t, pubKey.Verify([]byte{1, 2, 3}, hashedData.BytesBE()))
+
 		pubKey = &PublicKey{}
 		assert.False(t, pubKey.Verify(signedData, hashedData.BytesBE()))
 	})