diff --git a/backend/src/api/admin.ts b/backend/src/api/admin.ts
index 83000c5..064bbcf 100644
--- a/backend/src/api/admin.ts
+++ b/backend/src/api/admin.ts
@@ -73,6 +73,14 @@ router.post("/addMoney", async (req, res) => {
 return res.status(400).json({ message: "Amount must be a string" })
 }
 
+ if (amount.lte(0)) {
+ return res.status(400).json({ message: "Amount must be positive" })
+ }
+
+ if (!amount.isFinite()) {
+ return res.status(400).json({ message: "No scamming" })
+ }
+
 // add money to user
 await sql.begin("ISOLATION LEVEL REPEATABLE READ", async (sql) => {
 // get topup
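Review bot: The two added guards in the `/addMoney` handler bound only the sign and finiteness of `amount`, so a finite value of arbitrary magnitude or scale (for example `1e30` or `0.0000001`) still reaches the `sql.begin` transaction below. If `amount` is a bignumber.js or decimal.js value, as the `lte`/`isFinite` calls suggest, a further guard such as `if (amount.gt(MAX_TOPUP) || amount.decimalPlaces() > CURRENCY_SCALE) return res.status(400).json({ message: "Amount out of range" })` would cap it, where `MAX_TOPUP` and `CURRENCY_SCALE` are placeholder names for limits the project would have to define. The `"No scamming"` response also tells a legitimate caller nothing about what was wrong; `"Amount must be a finite number"` would match the other two messages. The handler starts and continues outside the hunk, so how `amount` is parsed and what the balance column accepts cannot be confirmed from here.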