diff --git a/cli/candidate_test.go b/cli/candidate_test.go
index ebd0f9144..077c46c07 100644
--- a/cli/candidate_test.go
+++ b/cli/candidate_test.go
@@ -41,6 +41,13 @@ func TestRegisterCandidate(t *testing.T) {
 		"--rpc-endpoint", "http://"+e.RPC.Addr,
 		"--wallet", validatorWallet)
 
+	// additional parameter
+	e.RunWithError(t, "neo-go", "wallet", "candidate", "register",
+		"--rpc-endpoint", "http://"+e.RPC.Addr,
+		"--wallet", validatorWallet,
+		"--address", validatorPriv.Address(),
+		"error")
+
 	e.In.WriteString("one\r")
 	e.Run(t, "neo-go", "wallet", "candidate", "register",
 		"--rpc-endpoint", "http://"+e.RPC.Addr,
@@ -55,6 +62,13 @@ func TestRegisterCandidate(t *testing.T) {
 	require.Equal(t, big.NewInt(0), vs[0].Votes)
 
 	t.Run("VoteUnvote", func(t *testing.T) {
+		// positional instead of a flag.
+		e.RunWithError(t, "neo-go", "wallet", "candidate", "vote",
+			"--rpc-endpoint", "http://"+e.RPC.Addr,
+			"--wallet", validatorWallet,
+			"--address", validatorPriv.Address(),
+			validatorHex) // not "--candidate hex", but "hex".
+
 		e.In.WriteString("one\r")
 		e.Run(t, "neo-go", "wallet", "candidate", "vote",
 			"--rpc-endpoint", "http://"+e.RPC.Addr,
@@ -115,6 +129,12 @@ func TestRegisterCandidate(t *testing.T) {
 	e.RunWithError(t, "neo-go", "wallet", "candidate", "unregister",
 		"--rpc-endpoint", "http://"+e.RPC.Addr,
 		"--wallet", validatorWallet)
+	// additional argument
+	e.RunWithError(t, "neo-go", "wallet", "candidate", "unregister",
+		"--rpc-endpoint", "http://"+e.RPC.Addr,
+		"--wallet", validatorWallet,
+		"--address", validatorPriv.Address(),
+		"argument")
 
 	e.In.WriteString("one\r")
 	e.Run(t, "neo-go", "wallet", "candidate", "unregister",
@@ -128,4 +148,8 @@ func TestRegisterCandidate(t *testing.T) {
 
 	// query voter: missing address
 	e.RunWithError(t, "neo-go", "query", "voter")
+	// Excessive parameters.
+	e.RunWithError(t, "neo-go", "query", "voter", "--rpc-endpoint", "http://"+e.RPC.Addr, validatorPriv.Address(), validatorPriv.Address())
+	e.RunWithError(t, "neo-go", "query", "committee", "--rpc-endpoint", "http://"+e.RPC.Addr, "something")
+	e.RunWithError(t, "neo-go", "query", "candidates", "--rpc-endpoint", "http://"+e.RPC.Addr, "something")
 }
diff --git a/cli/cmdargs/parser.go b/cli/cmdargs/parser.go
index 0379cf7f5..1e449f5e3 100644
--- a/cli/cmdargs/parser.go
+++ b/cli/cmdargs/parser.go
@@ -131,6 +131,15 @@ func GetDataFromContext(ctx *cli.Context) (int, interface{}, *cli.ExitError) {
 	return offset, data, nil
 }
 
+// EnsureNone returns an error if there are any positional arguments present.
+// It can be used to check for them in commands that don't accept arguments.
+func EnsureNone(ctx *cli.Context) *cli.ExitError {
+	if ctx.Args().Present() {
+		return cli.NewExitError("additional arguments given while this command expects none", 1)
+	}
+	return nil
+}
+
 // ParseParams extracts array of smartcontract.Parameter from the given args and
 // returns the number of handled words, the array itself and an error.
 // `calledFromMain` denotes whether the method was called from the outside or
diff --git a/cli/contract_test.go b/cli/contract_test.go
index 6b2733bb1..fcea7c4ac 100644
--- a/cli/contract_test.go
+++ b/cli/contract_test.go
@@ -78,6 +78,9 @@ func TestCalcHash(t *testing.T) {
 
 	cmd = append(cmd, "--in", nefPath, "--manifest", manifestPath)
 	expected := state.CreateContractHash(sender, nefF.Checksum, manif.Name)
+	t.Run("excessive parameters", func(t *testing.T) {
+		e.RunWithError(t, append(cmd, "--sender", sender.StringLE(), "something")...)
+	})
 	t.Run("valid, uint160", func(t *testing.T) {
 		e.Run(t, append(cmd, "--sender", sender.StringLE())...)
 		e.checkNextLine(t, expected.StringLE())
@@ -156,6 +159,9 @@ func Blocks() []*alias.Block {
 		"--out", filepath.Join(tmpDir, "out.nef"),
 		"--manifest", manifestPath,
 		"--bindings", bindingsPath)
+	t.Run("excessive parameters", func(t *testing.T) {
+		e.RunWithError(t, append(cmd, "something")...)
+	})
 	e.Run(t, cmd...)
 	e.checkEOF(t)
 	require.FileExists(t, bindingsPath)
@@ -220,6 +226,10 @@ func TestContractInitAndCompile(t *testing.T) {
 	})
 
 	ctrPath := filepath.Join(tmpDir, "testcontract")
+	t.Run("excessive parameters", func(t *testing.T) {
+		e.RunWithError(t, "neo-go", "contract", "init", "--name", ctrPath, "something")
+	})
+
 	e.Run(t, "neo-go", "contract", "init", "--name", ctrPath)
 
 	t.Run("don't rewrite existing directory", func(t *testing.T) {
@@ -263,6 +273,11 @@ func TestContractInitAndCompile(t *testing.T) {
 	require.NoError(t, os.WriteFile(goMod, data, os.ModePerm))
 
 	cmd = append(cmd, "--config", cfgPath)
+
+	t.Run("excessive parameters", func(t *testing.T) {
+		e.RunWithError(t, append(cmd, "something")...)
+	})
+
 	e.Run(t, cmd...)
 	e.checkEOF(t)
 	require.FileExists(t, nefPath)
@@ -504,6 +519,10 @@ func TestContractManifestGroups(t *testing.T) {
 	cmd := []string{"neo-go", "contract", "manifest", "add-group",
 		"--nef", nefName, "--manifest", manifestName}
 
+	t.Run("excessive parameters", func(t *testing.T) {
+		e.RunWithError(t, append(cmd, "--wallet", testWalletPath,
+			"--sender", testWalletAccount, "--address", testWalletAccount, "something")...)
+	})
 	e.In.WriteString("testpass\r")
 	e.Run(t, append(cmd, "--wallet", testWalletPath,
 		"--sender", testWalletAccount, "--address", testWalletAccount)...)
@@ -916,6 +935,7 @@ func TestContractInspect(t *testing.T) {
 	t.Run("with nef", func(t *testing.T) {
 		e.RunWithError(t, append(cmd, "--in", nefName, "--compile")...)
 		e.RunWithError(t, append(cmd, "--in", filepath.Join(tmpDir, "not.exists"))...)
+		e.RunWithError(t, append(cmd, "--in", nefName, "something")...)
 		e.Run(t, append(cmd, "--in", nefName)...)
 		require.True(t, strings.Contains(e.Out.String(), "SYSCALL"))
 	})
diff --git a/cli/dump_test.go b/cli/dump_test.go
index 73dba82b4..0490156b6 100644
--- a/cli/dump_test.go
+++ b/cli/dump_test.go
@@ -38,6 +38,9 @@ func TestDBRestoreDump(t *testing.T) {
 	baseArgs := []string{"neo-go", "db", "restore", "--unittest",
 		"--config-path", tmpDir, "--in", inDump, "--dump", stateDump}
 
+	t.Run("excessive restore parameters", func(t *testing.T) {
+		e.RunWithError(t, append(baseArgs, "something")...)
+	})
 	// First 15 blocks.
 	e.Run(t, append(baseArgs, "--count", "15")...)
 
@@ -94,6 +97,9 @@ func TestDBRestoreDump(t *testing.T) {
 	t.Run("invalid start/count", func(t *testing.T) {
 		e.RunWithError(t, append(baseCmd, "--start", "5", "--count", strconv.Itoa(50-5+1+1))...)
 	})
+	t.Run("excessive dump parameters", func(t *testing.T) {
+		e.RunWithError(t, append(baseCmd, "something")...)
+	})
 
 	e.Run(t, baseCmd...)
 
diff --git a/cli/multisig_test.go b/cli/multisig_test.go
index 2e69f2499..7bf903c86 100644
--- a/cli/multisig_test.go
+++ b/cli/multisig_test.go
@@ -148,6 +148,11 @@ func TestSignMultisigTx(t *testing.T) {
 			e.checkEOF(t)
 		})
 
+		t.Run("excessive parameters", func(t *testing.T) {
+			e.RunWithError(t, "neo-go", "util", "txdump",
+				"--rpc-endpoint", "http://"+e.RPC.Addr,
+				txPath, "garbage")
+		})
 		e.Run(t, "neo-go", "util", "txdump",
 			"--rpc-endpoint", "http://"+e.RPC.Addr,
 			txPath)
diff --git a/cli/nep11_test.go b/cli/nep11_test.go
index 536c0929d..88df09292 100644
--- a/cli/nep11_test.go
+++ b/cli/nep11_test.go
@@ -52,6 +52,9 @@ func TestNEP11Import(t *testing.T) {
 	// missing token hash
 	e.RunWithError(t, args...)
 
+	// excessive parameters
+	e.RunWithError(t, append(args, "--token", nnsContractHash.StringLE(), "something")...)
+
 	// good: non-divisible
 	e.Run(t, append(args, "--token", nnsContractHash.StringLE())...)
 
@@ -73,6 +76,10 @@ func TestNEP11Import(t *testing.T) {
 		e.checkNextLine(t, "^Standard:\\s*"+string(manifest.NEP11StandardName))
 	}
 	t.Run("Info", func(t *testing.T) {
+		t.Run("excessive parameters", func(t *testing.T) {
+			e.RunWithError(t, "neo-go", "wallet", "nep11", "info",
+				"--wallet", walletPath, "--token", nnsContractHash.StringLE(), "qwerty")
+		})
 		t.Run("WithToken", func(t *testing.T) {
 			e.Run(t, "neo-go", "wallet", "nep11", "info",
 				"--wallet", walletPath, "--token", nnsContractHash.StringLE())
@@ -88,6 +95,8 @@ func TestNEP11Import(t *testing.T) {
 	})
 
 	t.Run("Remove", func(t *testing.T) {
+		e.RunWithError(t, "neo-go", "wallet", "nep11", "remove",
+			"--wallet", walletPath, "--token", nnsContractHash.StringLE(), "parameter")
 		e.In.WriteString("y\r")
 		e.Run(t, "neo-go", "wallet", "nep11", "remove",
 			"--wallet", walletPath, "--token", nnsContractHash.StringLE())
@@ -166,6 +175,8 @@ func TestNEP11_ND_OwnerOf_BalanceOf_Transfer(t *testing.T) {
 	}
 	// balance check: by symbol, token is not imported
 	e.RunWithError(t, append(cmdCheckBalance, "--token", "HASHY")...)
+	// balance check: excessive parameters
+	e.RunWithError(t, append(cmdCheckBalance, "--token", h.StringLE(), "neo-go")...)
 	// balance check: by hash, ok
 	e.Run(t, append(cmdCheckBalance, "--token", h.StringLE())...)
 	checkBalanceResult(t, nftOwnerAddr, "1")
@@ -256,6 +267,8 @@ func TestNEP11_ND_OwnerOf_BalanceOf_Transfer(t *testing.T) {
 	e.RunWithError(t, cmdTokens...)
 	cmdTokens = append(cmdTokens, "--token", h.StringLE())
 
+	// tokens: excessive parameters
+	e.RunWithError(t, append(cmdTokens, "additional")...)
 	// tokens: good, several tokens
 	e.Run(t, cmdTokens...)
 	require.Equal(t, hex.EncodeToString(fst), e.getNextLine(t))
@@ -482,6 +495,9 @@ func TestNEP11_D_OwnerOf_BalanceOf_Transfer(t *testing.T) {
 	e.RunWithError(t, cmdProperties...)
 	cmdProperties = append(cmdProperties, "--id", hex.EncodeToString(token2ID))
 
+	// properties: additional parameter
+	e.RunWithError(t, append(cmdProperties, "additiona")...)
+
 	// properties: ok
 	e.Run(t, cmdProperties...)
 	jProps = e.getNextLine(t)
diff --git a/cli/nep17_test.go b/cli/nep17_test.go
index ea313a527..2d00dfbfb 100644
--- a/cli/nep17_test.go
+++ b/cli/nep17_test.go
@@ -24,6 +24,9 @@ func TestNEP17Balance(t *testing.T) {
 		"--wallet", validatorWallet,
 	)
 	cmd := append(cmdbase, "--address", validatorAddr)
+	t.Run("excessive parameters", func(t *testing.T) {
+		e.RunWithError(t, append(cmd, "--token", "NEO", "gas")...)
+	})
 	t.Run("NEO", func(t *testing.T) {
 		b, index := e.Chain.GetGoverningTokenBalance(validatorHash)
 		checkResult := func(t *testing.T) {
@@ -321,6 +324,11 @@ func TestNEP17ImportToken(t *testing.T) {
 		"--rpc-endpoint", "http://"+e.RPC.Addr,
 		"--wallet", walletPath)
 
+	// additional parameter
+	e.RunWithError(t, "neo-go", "wallet", "nep17", "import",
+		"--rpc-endpoint", "http://"+e.RPC.Addr,
+		"--wallet", walletPath,
+		"--token", gasContractHash.StringLE(), "useless")
 	e.Run(t, "neo-go", "wallet", "nep17", "import",
 		"--rpc-endpoint", "http://"+e.RPC.Addr,
 		"--wallet", walletPath,
@@ -345,6 +353,10 @@ func TestNEP17ImportToken(t *testing.T) {
 			e.checkNextLine(t, "^Address:\\s*"+address.Uint160ToString(gasContractHash))
 			e.checkNextLine(t, "^Standard:\\s*"+string(manifest.NEP17StandardName))
 		}
+		t.Run("excessive parameters", func(t *testing.T) {
+			e.RunWithError(t, "neo-go", "wallet", "nep17", "info",
+				"--wallet", walletPath, "--token", gasContractHash.StringLE(), "parameter")
+		})
 		t.Run("WithToken", func(t *testing.T) {
 			e.Run(t, "neo-go", "wallet", "nep17", "info",
 				"--wallet", walletPath, "--token", gasContractHash.StringLE())
@@ -364,6 +376,8 @@ func TestNEP17ImportToken(t *testing.T) {
 			e.checkNextLine(t, "^Standard:\\s*"+string(manifest.NEP17StandardName))
 		})
 		t.Run("Remove", func(t *testing.T) {
+			e.RunWithError(t, "neo-go", "wallet", "nep17", "remove",
+				"--wallet", walletPath, "--token", neoContractHash.StringLE(), "add")
 			e.In.WriteString("y\r")
 			e.Run(t, "neo-go", "wallet", "nep17", "remove",
 				"--wallet", walletPath, "--token", neoContractHash.StringLE())
diff --git a/cli/query/query.go b/cli/query/query.go
index 492be40e6..d7d00d2cd 100644
--- a/cli/query/query.go
+++ b/cli/query/query.go
@@ -10,6 +10,7 @@ import (
 	"strings"
 	"text/tabwriter"
 
+	"github.com/nspcc-dev/neo-go/cli/cmdargs"
 	"github.com/nspcc-dev/neo-go/cli/flags"
 	"github.com/nspcc-dev/neo-go/cli/options"
 	"github.com/nspcc-dev/neo-go/pkg/core/native/nativenames"
@@ -77,6 +78,8 @@ func queryTx(ctx *cli.Context) error {
 	args := ctx.Args()
 	if len(args) == 0 {
 		return cli.NewExitError("Transaction hash is missing", 1)
+	} else if len(args) > 1 {
+		return cli.NewExitError("only one transaction hash is accepted", 1)
 	}
 
 	txHash, err := util.Uint256DecodeStringLE(strings.TrimPrefix(args[0], "0x"))
@@ -160,6 +163,10 @@ func DumpApplicationLog(
 func queryCandidates(ctx *cli.Context) error {
 	var err error
 
+	if err := cmdargs.EnsureNone(ctx); err != nil {
+		return err
+	}
+
 	gctx, cancel := options.GetTimeoutContext(ctx)
 	defer cancel()
 
@@ -200,6 +207,10 @@ func queryCandidates(ctx *cli.Context) error {
 func queryCommittee(ctx *cli.Context) error {
 	var err error
 
+	if err := cmdargs.EnsureNone(ctx); err != nil {
+		return err
+	}
+
 	gctx, cancel := options.GetTimeoutContext(ctx)
 	defer cancel()
 
@@ -222,6 +233,10 @@ func queryCommittee(ctx *cli.Context) error {
 func queryHeight(ctx *cli.Context) error {
 	var err error
 
+	if err := cmdargs.EnsureNone(ctx); err != nil {
+		return err
+	}
+
 	gctx, cancel := options.GetTimeoutContext(ctx)
 	defer cancel()
 
@@ -250,6 +265,8 @@ func queryVoter(ctx *cli.Context) error {
 	args := ctx.Args()
 	if len(args) == 0 {
 		return cli.NewExitError("No address specified", 1)
+	} else if len(args) > 1 {
+		return cli.NewExitError("this command only accepts one address", 1)
 	}
 
 	addr, err := flags.ParseAddress(args[0])
diff --git a/cli/query_test.go b/cli/query_test.go
index 850c0a480..3daa6ea8f 100644
--- a/cli/query_test.go
+++ b/cli/query_test.go
@@ -101,6 +101,9 @@ func TestQueryTx(t *testing.T) {
 		t.Run("missing tx argument", func(t *testing.T) {
 			e.RunWithError(t, args...)
 		})
+		t.Run("excessive arguments", func(t *testing.T) {
+			e.RunWithError(t, append(args, txHash.StringLE(), txHash.StringLE())...)
+		})
 		t.Run("invalid hash", func(t *testing.T) {
 			e.RunWithError(t, append(args, "notahash")...)
 		})
@@ -142,8 +145,12 @@ func (e *executor) compareQueryTxVerbose(t *testing.T, tx *transaction.Transacti
 func TestQueryHeight(t *testing.T) {
 	e := newExecutor(t, true)
 
-	e.Run(t, "neo-go", "query", "height", "--rpc-endpoint", "http://"+e.RPC.Addr)
+	args := []string{"neo-go", "query", "height", "--rpc-endpoint", "http://" + e.RPC.Addr}
+	e.Run(t, args...)
 	e.checkNextLine(t, `^Latest block: [0-9]+$`)
 	e.checkNextLine(t, `^Validated state: [0-9]+$`)
 	e.checkEOF(t)
+	t.Run("excessive arguments", func(t *testing.T) {
+		e.RunWithError(t, append(args, "something")...)
+	})
 }
diff --git a/cli/server/server.go b/cli/server/server.go
index 0d5f4e02e..571fe9733 100644
--- a/cli/server/server.go
+++ b/cli/server/server.go
@@ -10,6 +10,7 @@ import (
 	"runtime"
 	"time"
 
+	"github.com/nspcc-dev/neo-go/cli/cmdargs"
 	"github.com/nspcc-dev/neo-go/cli/options"
 	"github.com/nspcc-dev/neo-go/pkg/config"
 	"github.com/nspcc-dev/neo-go/pkg/config/netmode"
@@ -223,6 +224,9 @@ func initBCWithMetrics(cfg config.Config, log *zap.Logger) (*core.Blockchain, *m
 }
 
 func dumpDB(ctx *cli.Context) error {
+	if err := cmdargs.EnsureNone(ctx); err != nil {
+		return err
+	}
 	cfg, err := getConfigFromContext(ctx)
 	if err != nil {
 		return cli.NewExitError(err, 1)
@@ -273,6 +277,9 @@ func dumpDB(ctx *cli.Context) error {
 }
 
 func restoreDB(ctx *cli.Context) error {
+	if err := cmdargs.EnsureNone(ctx); err != nil {
+		return err
+	}
 	cfg, err := getConfigFromContext(ctx)
 	if err != nil {
 		return err
@@ -455,6 +462,10 @@ func mkP2PNotary(config config.P2PNotary, chain *core.Blockchain, serv *network.
 }
 
 func startServer(ctx *cli.Context) error {
+	if err := cmdargs.EnsureNone(ctx); err != nil {
+		return err
+	}
+
 	cfg, err := getConfigFromContext(ctx)
 	if err != nil {
 		return cli.NewExitError(err, 1)
diff --git a/cli/server_test.go b/cli/server_test.go
index 6c32b837f..56da8e262 100644
--- a/cli/server_test.go
+++ b/cli/server_test.go
@@ -98,9 +98,11 @@ func TestServerStart(t *testing.T) {
 	// We can't properly shutdown server on windows and release the resources.
 	// Also, windows doesn't support SIGHUP and SIGINT.
 	if runtime.GOOS != "windows" {
+		saveCfg(t, func(cfg *config.Config) {})
+		t.Run("excessive parameters", func(t *testing.T) {
+			e.RunWithError(t, append(baseCmd, "something")...)
+		})
 		t.Run("good", func(t *testing.T) {
-			saveCfg(t, func(cfg *config.Config) {})
-
 			go func() {
 				e.Run(t, baseCmd...)
 			}()
diff --git a/cli/smartcontract/generate.go b/cli/smartcontract/generate.go
index c033914ac..ba33dfffb 100644
--- a/cli/smartcontract/generate.go
+++ b/cli/smartcontract/generate.go
@@ -5,6 +5,7 @@ import (
 	"os"
 	"strings"
 
+	"github.com/nspcc-dev/neo-go/cli/cmdargs"
 	"github.com/nspcc-dev/neo-go/pkg/smartcontract/binding"
 	"github.com/nspcc-dev/neo-go/pkg/util"
 	"github.com/urfave/cli"
@@ -39,6 +40,9 @@ var generateWrapperCmd = cli.Command{
 
 // contractGenerateWrapper deploys contract.
 func contractGenerateWrapper(ctx *cli.Context) error {
+	if err := cmdargs.EnsureNone(ctx); err != nil {
+		return err
+	}
 	m, _, err := readManifest(ctx.String("manifest"))
 	if err != nil {
 		return cli.NewExitError(fmt.Errorf("can't read contract manifest: %w", err), 1)
diff --git a/cli/smartcontract/manifest.go b/cli/smartcontract/manifest.go
index e84f808bf..1f4eca2a2 100644
--- a/cli/smartcontract/manifest.go
+++ b/cli/smartcontract/manifest.go
@@ -6,6 +6,7 @@ import (
 	"fmt"
 	"os"
 
+	"github.com/nspcc-dev/neo-go/cli/cmdargs"
 	"github.com/nspcc-dev/neo-go/cli/flags"
 	"github.com/nspcc-dev/neo-go/pkg/core/state"
 	"github.com/nspcc-dev/neo-go/pkg/smartcontract/manifest"
@@ -14,6 +15,9 @@ import (
 )
 
 func manifestAddGroup(ctx *cli.Context) error {
+	if err := cmdargs.EnsureNone(ctx); err != nil {
+		return err
+	}
 	sender, err := flags.ParseAddress(ctx.String("sender"))
 	if err != nil {
 		return cli.NewExitError(fmt.Errorf("invalid sender: %w", err), 1)
diff --git a/cli/smartcontract/smart_contract.go b/cli/smartcontract/smart_contract.go
index e14e31b7b..1d07e8a26 100644
--- a/cli/smartcontract/smart_contract.go
+++ b/cli/smartcontract/smart_contract.go
@@ -425,6 +425,9 @@ func NewCommands() []cli.Command {
 
 // initSmartContract initializes a given directory with some boiler plate code.
 func initSmartContract(ctx *cli.Context) error {
+	if err := cmdargs.EnsureNone(ctx); err != nil {
+		return err
+	}
 	contractName := ctx.String("name")
 	if contractName == "" {
 		return cli.NewExitError(errNoSmartContractName, 1)
@@ -494,6 +497,9 @@ require (
 }
 
 func contractCompile(ctx *cli.Context) error {
+	if err := cmdargs.EnsureNone(ctx); err != nil {
+		return err
+	}
 	src := ctx.String("in")
 	if len(src) == 0 {
 		return cli.NewExitError(errNoInput, 1)
@@ -546,6 +552,9 @@ func contractCompile(ctx *cli.Context) error {
 }
 
 func calcHash(ctx *cli.Context) error {
+	if err := cmdargs.EnsureNone(ctx); err != nil {
+		return err
+	}
 	sender := ctx.Generic("sender").(*flags.Address)
 	if !sender.IsSet {
 		return cli.NewExitError("sender is not set", 1)
@@ -798,6 +807,9 @@ type ProjectConfig struct {
 }
 
 func inspect(ctx *cli.Context) error {
+	if err := cmdargs.EnsureNone(ctx); err != nil {
+		return err
+	}
 	in := ctx.String("in")
 	compile := ctx.Bool("compile")
 	if len(in) == 0 {
diff --git a/cli/util/dump.go b/cli/util/dump.go
index 427bfb732..e8cd334d7 100644
--- a/cli/util/dump.go
+++ b/cli/util/dump.go
@@ -12,11 +12,14 @@ import (
 )
 
 func txDump(ctx *cli.Context) error {
-	if len(ctx.Args()) == 0 {
+	args := ctx.Args()
+	if len(args) == 0 {
 		return cli.NewExitError("missing input file", 1)
+	} else if len(args) > 1 {
+		return cli.NewExitError("only one input file is accepted", 1)
 	}
 
-	c, err := paramcontext.Read(ctx.Args()[0])
+	c, err := paramcontext.Read(args[0])
 	if err != nil {
 		return cli.NewExitError(err, 1)
 	}
diff --git a/cli/vm/vm.go b/cli/vm/vm.go
index 50993e970..9a0d780ed 100644
--- a/cli/vm/vm.go
+++ b/cli/vm/vm.go
@@ -4,6 +4,7 @@ import (
 	"os"
 
 	"github.com/chzyer/readline"
+	"github.com/nspcc-dev/neo-go/cli/cmdargs"
 	vmcli "github.com/nspcc-dev/neo-go/pkg/vm/cli"
 	"github.com/urfave/cli"
 )
@@ -21,6 +22,9 @@ func NewCommands() []cli.Command {
 }
 
 func startVMPrompt(ctx *cli.Context) error {
+	if err := cmdargs.EnsureNone(ctx); err != nil {
+		return err
+	}
 	p := vmcli.NewWithConfig(true, os.Exit, &readline.Config{})
 	return p.Run()
 }
diff --git a/cli/wallet/multisig.go b/cli/wallet/multisig.go
index 611b95e20..2d9f34b2c 100644
--- a/cli/wallet/multisig.go
+++ b/cli/wallet/multisig.go
@@ -3,6 +3,7 @@ package wallet
 import (
 	"fmt"
 
+	"github.com/nspcc-dev/neo-go/cli/cmdargs"
 	"github.com/nspcc-dev/neo-go/cli/flags"
 	"github.com/nspcc-dev/neo-go/cli/options"
 	"github.com/nspcc-dev/neo-go/cli/paramcontext"
@@ -12,6 +13,9 @@ import (
 )
 
 func signStoredTransaction(ctx *cli.Context) error {
+	if err := cmdargs.EnsureNone(ctx); err != nil {
+		return err
+	}
 	wall, pass, err := readWallet(ctx)
 	if err != nil {
 		return cli.NewExitError(err, 1)
diff --git a/cli/wallet/nep11.go b/cli/wallet/nep11.go
index 0631e8bc8..9d684cbeb 100644
--- a/cli/wallet/nep11.go
+++ b/cli/wallet/nep11.go
@@ -6,6 +6,7 @@ import (
 	"fmt"
 	"math/big"
 
+	"github.com/nspcc-dev/neo-go/cli/cmdargs"
 	"github.com/nspcc-dev/neo-go/cli/flags"
 	"github.com/nspcc-dev/neo-go/cli/input"
 	"github.com/nspcc-dev/neo-go/cli/options"
@@ -163,6 +164,10 @@ func removeNEP11Token(ctx *cli.Context) error {
 func getNEP11Balance(ctx *cli.Context) error {
 	var accounts []*wallet.Account
 
+	if err := cmdargs.EnsureNone(ctx); err != nil {
+		return err
+	}
+
 	wall, _, err := readWallet(ctx)
 	if err != nil {
 		return cli.NewExitError(fmt.Errorf("bad wallet: %w", err), 1)
@@ -309,6 +314,9 @@ func printNEP11DOwner(ctx *cli.Context) error {
 
 func printNEP11Owner(ctx *cli.Context, divisible bool) error {
 	var err error
+	if err := cmdargs.EnsureNone(ctx); err != nil {
+		return err
+	}
 	tokenHash := ctx.Generic("token").(*flags.Address)
 	if !tokenHash.IsSet {
 		return cli.NewExitError("token contract hash was not set", 1)
@@ -383,6 +391,9 @@ func printNEP11TokensOf(ctx *cli.Context) error {
 
 func printNEP11Tokens(ctx *cli.Context) error {
 	var err error
+	if err := cmdargs.EnsureNone(ctx); err != nil {
+		return err
+	}
 	tokenHash := ctx.Generic("token").(*flags.Address)
 	if !tokenHash.IsSet {
 		return cli.NewExitError("token contract hash was not set", 1)
@@ -409,6 +420,9 @@ func printNEP11Tokens(ctx *cli.Context) error {
 
 func printNEP11Properties(ctx *cli.Context) error {
 	var err error
+	if err := cmdargs.EnsureNone(ctx); err != nil {
+		return err
+	}
 	tokenHash := ctx.Generic("token").(*flags.Address)
 	if !tokenHash.IsSet {
 		return cli.NewExitError("token contract hash was not set", 1)
diff --git a/cli/wallet/nep17.go b/cli/wallet/nep17.go
index 0999df7e5..091315224 100644
--- a/cli/wallet/nep17.go
+++ b/cli/wallet/nep17.go
@@ -151,6 +151,9 @@ func newNEP17Commands() []cli.Command {
 func getNEP17Balance(ctx *cli.Context) error {
 	var accounts []*wallet.Account
 
+	if err := cmdargs.EnsureNone(ctx); err != nil {
+		return err
+	}
 	wall, _, err := readWallet(ctx)
 	if err != nil {
 		return cli.NewExitError(fmt.Errorf("bad wallet: %w", err), 1)
@@ -349,6 +352,9 @@ func importNEP17Token(ctx *cli.Context) error {
 }
 
 func importNEPToken(ctx *cli.Context, standard string) error {
+	if err := cmdargs.EnsureNone(ctx); err != nil {
+		return err
+	}
 	wall, _, err := openWallet(ctx, true)
 	if err != nil {
 		return cli.NewExitError(err, 1)
@@ -411,6 +417,9 @@ func printNEP17Info(ctx *cli.Context) error {
 }
 
 func printNEPInfo(ctx *cli.Context, standard string) error {
+	if err := cmdargs.EnsureNone(ctx); err != nil {
+		return err
+	}
 	wall, _, err := readWallet(ctx)
 	if err != nil {
 		return cli.NewExitError(err, 1)
@@ -443,6 +452,9 @@ func removeNEP17Token(ctx *cli.Context) error {
 }
 
 func removeNEPToken(ctx *cli.Context, standard string) error {
+	if err := cmdargs.EnsureNone(ctx); err != nil {
+		return err
+	}
 	wall, _, err := openWallet(ctx, true)
 	if err != nil {
 		return cli.NewExitError(err, 1)
diff --git a/cli/wallet/validator.go b/cli/wallet/validator.go
index 9426bd14c..649545691 100644
--- a/cli/wallet/validator.go
+++ b/cli/wallet/validator.go
@@ -3,6 +3,7 @@ package wallet
 import (
 	"fmt"
 
+	"github.com/nspcc-dev/neo-go/cli/cmdargs"
 	"github.com/nspcc-dev/neo-go/cli/flags"
 	"github.com/nspcc-dev/neo-go/cli/input"
 	"github.com/nspcc-dev/neo-go/cli/options"
@@ -83,6 +84,9 @@ func handleUnregister(ctx *cli.Context) error {
 }
 
 func handleCandidate(ctx *cli.Context, method string, sysGas int64) error {
+	if err := cmdargs.EnsureNone(ctx); err != nil {
+		return err
+	}
 	wall, pass, err := readWallet(ctx)
 	if err != nil {
 		return cli.NewExitError(err, 1)
@@ -138,6 +142,9 @@ func handleCandidate(ctx *cli.Context, method string, sysGas int64) error {
 }
 
 func handleVote(ctx *cli.Context) error {
+	if err := cmdargs.EnsureNone(ctx); err != nil {
+		return err
+	}
 	wall, pass, err := readWallet(ctx)
 	if err != nil {
 		return cli.NewExitError(err, 1)
diff --git a/cli/wallet/wallet.go b/cli/wallet/wallet.go
index e1a2bb8cd..9ce9255a2 100644
--- a/cli/wallet/wallet.go
+++ b/cli/wallet/wallet.go
@@ -9,6 +9,7 @@ import (
 	"os"
 	"strings"
 
+	"github.com/nspcc-dev/neo-go/cli/cmdargs"
 	"github.com/nspcc-dev/neo-go/cli/flags"
 	"github.com/nspcc-dev/neo-go/cli/input"
 	"github.com/nspcc-dev/neo-go/cli/options"
@@ -295,6 +296,9 @@ func NewCommands() []cli.Command {
 }
 
 func claimGas(ctx *cli.Context) error {
+	if err := cmdargs.EnsureNone(ctx); err != nil {
+		return err
+	}
 	wall, pass, err := readWallet(ctx)
 	if err != nil {
 		return cli.NewExitError(err, 1)
@@ -332,6 +336,9 @@ func claimGas(ctx *cli.Context) error {
 }
 
 func changePassword(ctx *cli.Context) error {
+	if err := cmdargs.EnsureNone(ctx); err != nil {
+		return err
+	}
 	wall, _, err := openWallet(ctx, false)
 	if err != nil {
 		return cli.NewExitError(err, 1)
@@ -384,6 +391,9 @@ func changePassword(ctx *cli.Context) error {
 }
 
 func convertWallet(ctx *cli.Context) error {
+	if err := cmdargs.EnsureNone(ctx); err != nil {
+		return err
+	}
 	wall, pass, err := newWalletV2FromFile(ctx.String("wallet"), ctx.String("wallet-config"))
 	if err != nil {
 		return cli.NewExitError(err, 1)
@@ -421,6 +431,9 @@ func convertWallet(ctx *cli.Context) error {
 }
 
 func addAccount(ctx *cli.Context) error {
+	if err := cmdargs.EnsureNone(ctx); err != nil {
+		return err
+	}
 	wall, pass, err := openWallet(ctx, true)
 	if err != nil {
 		return cli.NewExitError(err, 1)
@@ -535,6 +548,9 @@ func importMultisig(ctx *cli.Context) error {
 }
 
 func importDeployed(ctx *cli.Context) error {
+	if err := cmdargs.EnsureNone(ctx); err != nil {
+		return err
+	}
 	wall, _, err := openWallet(ctx, true)
 	if err != nil {
 		return cli.NewExitError(err, 1)
@@ -588,6 +604,9 @@ func importDeployed(ctx *cli.Context) error {
 }
 
 func importWallet(ctx *cli.Context) error {
+	if err := cmdargs.EnsureNone(ctx); err != nil {
+		return err
+	}
 	wall, _, err := openWallet(ctx, true)
 	if err != nil {
 		return cli.NewExitError(err, 1)
@@ -617,6 +636,9 @@ func importWallet(ctx *cli.Context) error {
 }
 
 func removeAccount(ctx *cli.Context) error {
+	if err := cmdargs.EnsureNone(ctx); err != nil {
+		return err
+	}
 	wall, _, err := openWallet(ctx, true)
 	if err != nil {
 		return cli.NewExitError(err, 1)
@@ -660,6 +682,9 @@ func askForConsent(w io.Writer) bool {
 }
 
 func dumpWallet(ctx *cli.Context) error {
+	if err := cmdargs.EnsureNone(ctx); err != nil {
+		return err
+	}
 	wall, pass, err := readWallet(ctx)
 	if err != nil {
 		return cli.NewExitError(err, 1)
@@ -685,6 +710,9 @@ func dumpWallet(ctx *cli.Context) error {
 }
 
 func dumpKeys(ctx *cli.Context) error {
+	if err := cmdargs.EnsureNone(ctx); err != nil {
+		return err
+	}
 	wall, _, err := readWallet(ctx)
 	if err != nil {
 		return cli.NewExitError(err, 1)
@@ -732,6 +760,9 @@ func dumpKeys(ctx *cli.Context) error {
 }
 
 func createWallet(ctx *cli.Context) error {
+	if err := cmdargs.EnsureNone(ctx); err != nil {
+		return err
+	}
 	path := ctx.String("wallet")
 	configPath := ctx.String("wallet-config")