diff --git a/node/pkg/p2p/p2p.go b/node/pkg/p2p/p2p.go
index 691d05b08..92da1c284 100644
--- a/node/pkg/p2p/p2p.go
+++ b/node/pkg/p2p/p2p.go
@@ -484,6 +484,11 @@ func processSignedObservationRequest(s *gossipv1.SignedObservationRequest, gs *n
 		pk = gs.Keys[idx]
 	}
 
+	// SECURITY: see whitepapers/0009_guardian_key.md
+	if len(signedObservationRequestPrefix)+len(s.ObservationRequest) < 34 {
+		return nil, fmt.Errorf("invalid observation request: too short")
+	}
+
 	digest := signedObservationRequestDigest(s.ObservationRequest)
 
 	pubKey, err := ethcrypto.Ecrecover(digest.Bytes(), s.Signature)