diff --git a/programs/cardinal-payment-manager/src/instructions/handle_payment_with_royalties.rs b/programs/cardinal-payment-manager/src/instructions/handle_payment_with_royalties.rs
index ca7863878..03c3bad0f 100644
--- a/programs/cardinal-payment-manager/src/instructions/handle_payment_with_royalties.rs
+++ b/programs/cardinal-payment-manager/src/instructions/handle_payment_with_royalties.rs
@@ -1,3 +1,5 @@
+use mpl_token_metadata::utils::assert_derivation;
+
 use {
     crate::{errors::ErrorCode, state::*},
     anchor_lang::prelude::*,
@@ -45,6 +47,13 @@ pub fn handler<'key, 'accounts, 'remaining, 'info>(ctx: Context<'key, 'accounts,
         .expect("Division error");
     let total_fees = maker_fee.checked_add(taker_fee).expect("Add error");
 
+    // assert metadata account derivation
+    assert_derivation(
+        &mpl_token_metadata::id(),
+        &ctx.accounts.mint_metadata.to_account_info(),
+        &[mpl_token_metadata::state::PREFIX.as_bytes(), mpl_token_metadata::id().as_ref(), ctx.accounts.mint.key().as_ref()],
+    )?;
+
     // royalties
     let mut fees_paid_out: u64 = 0;
     if !ctx.accounts.mint_metadata.data_is_empty() {