diff --git a/src/bank_api.cpp b/src/bank_api.cpp
index 0ba8783..24e7c99 100644
--- a/src/bank_api.cpp
+++ b/src/bank_api.cpp
@@ -1,5 +1,7 @@
 #include "bank_api.h"
 
+// TODO: parser iterate(input).get(doc) error handling might be superfulous
+
 #define CACHE_FOREVER resp->setExpiredTime(0)
 
 #define CORS resp->addHeader("Access-Control-Allow-Origin", "*")
@@ -301,7 +303,7 @@ void api::AdminAddUser(req_args)
         std::string_view name;
         uint64_t amount;
         std::string_view pass;
-        if (doc["name"].get(name) || doc["amount"].get(amount) || doc["time"].get(pass))
+        if (doc["name"].get(name) || doc["amount"].get(amount) || doc["time"].get(pass) || (amount > std::numeric_limits<uint32_t>::max()))
         {
             res = BankResponse{k400BadRequest, "\"Missing/Invalid JSON arg(s)\""};
         }