diff --git a/pkg/smartcontract/manifest/manifest_test.go b/pkg/smartcontract/manifest/manifest_test.go
index b30e0aff2..4ac0589b7 100644
--- a/pkg/smartcontract/manifest/manifest_test.go
+++ b/pkg/smartcontract/manifest/manifest_test.go
@@ -106,13 +106,16 @@ func TestPermission_IsAllowed(t *testing.T) {
 	t.Run("group", func(t *testing.T) {
 		perm := NewPermission(PermissionGroup, priv.PublicKey())
 		require.True(t, perm.IsAllowed(util.Uint160{}, manifest, "AAA"))
-	})
 
-	t.Run("invalid group", func(t *testing.T) {
 		priv2, err := keys.NewPrivateKey()
 		require.NoError(t, err)
-		perm := NewPermission(PermissionGroup, priv2.PublicKey())
+
+		perm = NewPermission(PermissionGroup, priv2.PublicKey())
 		require.False(t, perm.IsAllowed(util.Uint160{}, manifest, "AAA"))
+
+		manifest.Groups = append(manifest.Groups, Group{PublicKey: priv2.PublicKey()})
+		perm = NewPermission(PermissionGroup, priv2.PublicKey())
+		require.True(t, perm.IsAllowed(util.Uint160{}, manifest, "AAA"))
 	})
 }
 
diff --git a/pkg/smartcontract/manifest/permission.go b/pkg/smartcontract/manifest/permission.go
index cce3e0342..bbbb7d084 100644
--- a/pkg/smartcontract/manifest/permission.go
+++ b/pkg/smartcontract/manifest/permission.go
@@ -167,12 +167,17 @@ func (p *Permission) IsAllowed(hash util.Uint160, m *Manifest, method string) bo
 			return false
 		}
 	case PermissionGroup:
+		has := false
 		g := p.Contract.Group()
 		for i := range m.Groups {
-			if !g.Equal(m.Groups[i].PublicKey) {
-				return false
+			if g.Equal(m.Groups[i].PublicKey) {
+				has = true
+				break
 			}
 		}
+		if !has {
+			return false
+		}
 	default:
 		panic(fmt.Sprintf("unexpected permission: %d", p.Contract.Type))
 	}