diff --git a/apps/block_scout_web/lib/block_scout_web/controllers/api/v1/decompiled_smart_contract_controller.ex b/apps/block_scout_web/lib/block_scout_web/controllers/api/v1/decompiled_smart_contract_controller.ex index fa1541fd3d..b0ebc5b40e 100644 --- a/apps/block_scout_web/lib/block_scout_web/controllers/api/v1/decompiled_smart_contract_controller.ex +++ b/apps/block_scout_web/lib/block_scout_web/controllers/api/v1/decompiled_smart_contract_controller.ex @@ -2,21 +2,33 @@ defmodule BlockScoutWeb.API.V1.DecompiledSmartContractController do use BlockScoutWeb, :controller alias Explorer.Chain + alias Explorer.Chain.Hash.Address def create(conn, params) do if auth_token(conn) == actual_token() do - case Chain.create_decompiled_smart_contract(params) do - {:ok, _decompiled_source_code} -> - send_resp(conn, :created, "") + with :ok <- validate_address_hash(params["address_hash"]) do + case Chain.create_decompiled_smart_contract(params) do + {:ok, _decompiled_source_code} -> + send_resp(conn, :created, "") - {:error, _changeset} -> - send_resp(conn, :unprocessable_entity, "") + {:error, _changeset} -> + send_resp(conn, :unprocessable_entity, "") + end + else + :error -> send_resp(conn, :unprocessable_entity, "") end else send_resp(conn, :forbidden, "") end end + defp validate_address_hash(address_hash) do + case Address.cast(address_hash) do + {:ok, _} -> :ok + :error -> :error + end + end + defp auth_token(conn) do case get_req_header(conn, "auth_token") do [token] -> token diff --git a/apps/block_scout_web/test/block_scout_web/controllers/api/v1/decompiled_smart_contract_controller_test.exs b/apps/block_scout_web/test/block_scout_web/controllers/api/v1/decompiled_smart_contract_controller_test.exs index a2b0dbde76..3aa6eb5387 100644 --- a/apps/block_scout_web/test/block_scout_web/controllers/api/v1/decompiled_smart_contract_controller_test.exs +++ b/apps/block_scout_web/test/block_scout_web/controllers/api/v1/decompiled_smart_contract_controller_test.exs 
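Review bot: The `if auth_token(conn) == actual_token() do` guard that wraps the new validation in `create/2` compares the shared secret with `==`, which is not a constant-time comparison. Since the commit already reshapes this branch, consider binding both values first and gating on `is_binary(token) and is_binary(expected) and Plug.Crypto.secure_compare(token, expected)`, assuming `Plug.Crypto` is available through the project's Plug dependency. The `is_binary` checks matter because `auth_token/1` continues past the end of the hunk and `actual_token/0` is not shown, so what they return for a missing header or an unset token cannot be confirmed from here. If both could ever yield the same non-binary value, the current `==` would treat that as authorised.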
@@ -24,6 +24,21 @@ defmodule BlockScoutWeb.API.V1.DecompiledControllerTest do assert request.status == 422 end + test "returns unprocessable_entity when address_hash is invalid", %{conn: conn} do + decompiler_version = "test_decompiler" + decompiled_source_code = "hello world" + + params = %{ + "address_hash" => "hash", + "decompiler_version" => decompiler_version, + "decompiled_source_code" => decompiled_source_code + } + + request = post(conn, api_v1_decompiled_smart_contract_path(conn, :create), params) + + assert request.status == 422 + end + test "creates decompiled smart contract", %{conn: conn} do address_hash = to_string(insert(:address).hash) decompiler_version = "test_decompiler"
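Review bot: The new test covers only a malformed string (`"address_hash" => "hash"`), so a request that omits `address_hash` or sends a non-string value for it is untested. The controller passes `params["address_hash"]` straight to `Address.cast/1`, so in those cases it receives `nil` or a map. Add a sibling test that drops the key from `params` and asserts `request.status == 422`, so a change in how `Address.cast/1` treats non-binary input shows up as a test failure rather than, possibly, an unhandled error in the controller. It would also help to assert that the rejected request did not persist a decompiled contract.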