diff --git a/x/wasm/client/cli/tx.go b/x/wasm/client/cli/tx.go index ed5a01a..d46b313 100644 --- a/x/wasm/client/cli/tx.go +++ b/x/wasm/client/cli/tx.go @@ -4,7 +4,6 @@ import ( "bufio" "fmt" "io/ioutil" - "net/url" "strconv" "github.com/spf13/cobra" @@ -28,9 +27,6 @@ const ( flagBuilder = "builder" ) -// limit max bytes read to prevent gzip bombs -const maxSize = 400 * 1024 - // whitelist var validBuildTags = map[string]bool{ "cosmwasm-opt:0.6.0": true, "cosmwasm-opt:0.5.2": true, @@ -72,30 +68,8 @@ func StoreCodeCmd(cdc *codec.Codec) *cobra.Command { source := viper.GetString(flagSource) - // ensure source to be a valid uri - if source != "" { - _, err := url.Parse(source) - - if err != nil { - return fmt.Errorf("invalid url supplied for source %s", source) - } - } - builder := viper.GetString(flagBuilder) - // ensure builder to be a valid build tag - if builder != "" { - if !validBuildTags[builder] { - return fmt.Errorf("invalid tag supplied for builder %s", source) - } - } - - // limit the input size - if len(wasm) > maxSize { - return fmt.Errorf("input size exceeds the max size allowed (allowed:%d, actual: %d)", - maxSize, len(wasm)) - } - // gzip the wasm file if wasmUtils.IsWasm(wasm) { wasm, err = wasmUtils.GzipIt(wasm) @@ -114,6 +88,10 @@ func StoreCodeCmd(cdc *codec.Codec) *cobra.Command { Source: source, Builder: builder, } + err = msg.ValidateBasic() + if err != nil { + return fmt.Errorf("invalid message") + } return utils.GenerateOrBroadcastMsgs(cliCtx, txBldr, []sdk.Msg{msg}) }, } diff --git a/x/wasm/client/utils/utils_test.go b/x/wasm/client/utils/utils_test.go index f389043..0594a9a 100644 --- a/x/wasm/client/utils/utils_test.go +++ b/x/wasm/client/utils/utils_test.go @@ -6,7 +6,7 @@ import ( "testing" ) -func GetTestData() ([]byte, []byte, []byte, error){ +func GetTestData() ([]byte, []byte, []byte, error) { wasmCode, err := ioutil.ReadFile("../../internal/keeper/testdata/contract.wasm") if err != nil { 
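Review bot: The added `return fmt.Errorf("invalid message")` in StoreCodeCmd discards the error returned by `msg.ValidateBasic()`, so the user can no longer tell whether the size, the source or the builder was rejected, which the removed checks did report. Returning the cause, e.g. `return fmt.Errorf("invalid message: %s", err)`, keeps that information. The size check also now runs after the `GzipIt` step, so it presumably measures the compressed bytes rather than the raw input that the removed `maxSize` check (commented as a gzip-bomb guard) measured. Whether the decompression path enforces its own output limit is not visible in this diff and should be confirmed. The command closure starts and ends outside the hunk.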
@@ -23,7 +23,7 @@ func GetTestData() ([]byte, []byte, []byte, error){ return wasmCode, someRandomStr, gzipData, nil } -func TestIsWasm (t *testing.T) { +func TestIsWasm(t *testing.T) { wasmCode, someRandomStr, gzipData, err := GetTestData() require.NoError(t, err) @@ -35,7 +35,7 @@ func TestIsWasm (t *testing.T) { require.True(t, IsWasm(wasmCode)) } -func TestIsGzip (t *testing.T) { +func TestIsGzip(t *testing.T) { wasmCode, someRandomStr, gzipData, err := GetTestData() require.NoError(t, err) @@ -44,7 +44,7 @@ func TestIsGzip (t *testing.T) { require.True(t, IsGzip(gzipData)) } -func TestGzipIt (t *testing.T) { +func TestGzipIt(t *testing.T) { wasmCode, someRandomStr, _, err := GetTestData() originalGzipData := []byte{31, 139, 8, 0, 0, 0, 0, 0, 0, 255, 202, 72, 205, 201, 201, 87, 40, 207, 47, 202, 73, 1, 4, 0, 0, 255, 255, 133, 17, 74, 13, 11, 0, 0, 0} @@ -61,4 +61,4 @@ func TestGzipIt (t *testing.T) { require.True(t, IsGzip(strToGzip)) require.NoError(t, err) require.Equal(t, originalGzipData, strToGzip) -} \ No newline at end of file +} diff --git a/x/wasm/handler.go b/x/wasm/handler.go index 0ed3e3e..6e07698 100644 --- a/x/wasm/handler.go +++ b/x/wasm/handler.go @@ -40,6 +40,7 @@ func NewHandler(k Keeper) sdk.Handler { } func handleStoreCode(ctx sdk.Context, k Keeper, msg *MsgStoreCode) sdk.Result { + err := msg.ValidateBasic() codeID, err := k.Create(ctx, msg.Sender, msg.WASMByteCode, msg.Source, msg.Builder) if err != nil { return err.Result() diff --git a/x/wasm/internal/keeper/keeper.go b/x/wasm/internal/keeper/keeper.go index d2d231f..82d2ea3 100644 --- a/x/wasm/internal/keeper/keeper.go +++ b/x/wasm/internal/keeper/keeper.go 
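Review bot: In handleStoreCode the result of the added `err := msg.ValidateBasic()` is never checked: the next line, `codeID, err := k.Create(...)`, reassigns `err`, so a message that fails validation still reaches the keeper. Client-side validation can be skipped by anyone who builds the transaction without this CLI, so the handler is where the check has to hold. Stop on failure with `if err := msg.ValidateBasic(); err != nil { return err.Result() }`. The rest of the function lies outside the hunk.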
@@ -62,8 +62,7 @@ func NewKeeper(cdc *codec.Codec, storeKey sdk.StoreKey, accountKeeper auth.Accou } // Create uploads and compiles a WASM contract, returning a short identifier for the contract -func (k Keeper) Create(ctx sdk.Context, creator sdk.AccAddress, wasmCode []byte, source string, - builder string) (codeID uint64, sdkErr sdk.Error) { +func (k Keeper) Create(ctx sdk.Context, creator sdk.AccAddress, wasmCode []byte, source string, builder string) (codeID uint64, sdkErr sdk.Error) { wasmCode, err := uncompress(wasmCode) if err != nil { return 0, types.ErrCreateFailed(err) diff --git a/x/wasm/internal/types/msg.go b/x/wasm/internal/types/msg.go index 8f1e9c9..e1283ca 100644 --- a/x/wasm/internal/types/msg.go +++ b/x/wasm/internal/types/msg.go @@ -1,6 +1,9 @@ package types import ( + "net/url" + "regexp" + sdk "github.com/cosmos/cosmos-sdk/types" ) @@ -33,6 +36,21 @@ func (msg MsgStoreCode) ValidateBasic() sdk.Error { if len(msg.WASMByteCode) > MaxWasmSize { return sdk.ErrInternal("wasm code too large") } + if msg.Source != "" { + _, err := url.Parse(msg.Source) + if err != nil { + return sdk.ErrInternal("invalid source") + } + } + if msg.Builder != "" { + ok, err := regexp.MatchString("cosmwasm-op:", msg.Builder) + if err != nil { + if !ok { + return sdk.ErrInternal("invalid tag supplied for builder") + } + } + } + return nil }
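Review bot: The builder check added to ValidateBasic in msg.go can never reject anything: the `return` sits inside `if err != nil`, and `regexp.MatchString` only returns an error when the pattern fails to compile, which this constant pattern does not. The pattern `"cosmwasm-op:"` is also unanchored and does not match the `cosmwasm-opt:` tags listed in `validBuildTags` in tx.go, so fixing the condition alone would reject the valid tags. `ok, err := regexp.MatchString("^cosmwasm-opt:", msg.Builder)` followed by `if err != nil || !ok {` would enforce the intent, though it is still looser than the exact-match allowlist it replaces. Separately, `url.Parse` accepts most strings, including relative references, so the source check is weak; requiring `u.IsAbs()` on the parsed URL would tighten it.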