diff --git a/pkg/smartcontract/manifest/manifest_test.go b/pkg/smartcontract/manifest/manifest_test.go
index 1af90a05f..4ac0589b7 100644
--- a/pkg/smartcontract/manifest/manifest_test.go
+++ b/pkg/smartcontract/manifest/manifest_test.go
@@ -5,6 +5,7 @@ import (
 	"math/big"
 	"testing"
 
+	"github.com/nspcc-dev/neo-go/internal/random"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/nspcc-dev/neo-go/pkg/smartcontract"
 	"github.com/nspcc-dev/neo-go/pkg/util"
@@ -69,8 +70,16 @@ func TestPermission_IsAllowed(t *testing.T) {
 	manifest := DefaultManifest("Test")
 
 	t.Run("wildcard", func(t *testing.T) {
+		h := random.Uint160()
+
 		perm := NewPermission(PermissionWildcard)
-		require.True(t, perm.IsAllowed(util.Uint160{}, manifest, "AAA"))
+		require.True(t, perm.IsAllowed(h, manifest, "AAA"))
+
+		perm.Methods.Restrict()
+		require.False(t, perm.IsAllowed(h, manifest, "AAA"))
+
+		perm.Methods.Add("AAA")
+		require.True(t, perm.IsAllowed(h, manifest, "AAA"))
 	})
 
 	t.Run("hash", func(t *testing.T) {
@@ -97,13 +106,16 @@ func TestPermission_IsAllowed(t *testing.T) {
 	t.Run("group", func(t *testing.T) {
 		perm := NewPermission(PermissionGroup, priv.PublicKey())
 		require.True(t, perm.IsAllowed(util.Uint160{}, manifest, "AAA"))
-	})
 
-	t.Run("invalid group", func(t *testing.T) {
 		priv2, err := keys.NewPrivateKey()
 		require.NoError(t, err)
-		perm := NewPermission(PermissionGroup, priv2.PublicKey())
+
+		perm = NewPermission(PermissionGroup, priv2.PublicKey())
 		require.False(t, perm.IsAllowed(util.Uint160{}, manifest, "AAA"))
+
+		manifest.Groups = append(manifest.Groups, Group{PublicKey: priv2.PublicKey()})
+		perm = NewPermission(PermissionGroup, priv2.PublicKey())
+		require.True(t, perm.IsAllowed(util.Uint160{}, manifest, "AAA"))
 	})
 }
 
diff --git a/pkg/smartcontract/manifest/permission.go b/pkg/smartcontract/manifest/permission.go
index 2fa91cb69..bbbb7d084 100644
--- a/pkg/smartcontract/manifest/permission.go
+++ b/pkg/smartcontract/manifest/permission.go
@@ -162,18 +162,22 @@ func (ps Permissions) AreValid() error {
 func (p *Permission) IsAllowed(hash util.Uint160, m *Manifest, method string) bool {
 	switch p.Contract.Type {
 	case PermissionWildcard:
-		return true
 	case PermissionHash:
 		if !p.Contract.Hash().Equals(hash) {
 			return false
 		}
 	case PermissionGroup:
+		has := false
 		g := p.Contract.Group()
 		for i := range m.Groups {
-			if !g.Equal(m.Groups[i].PublicKey) {
-				return false
+			if g.Equal(m.Groups[i].PublicKey) {
+				has = true
+				break
 			}
 		}
+		if !has {
+			return false
+		}
 	default:
 		panic(fmt.Sprintf("unexpected permission: %d", p.Contract.Type))
 	}