diff --git a/.changelog/2703.bugfix.2.md b/.changelog/2703.bugfix.2.md
new file mode 100644
index 00000000000..37259d3d0b9
--- /dev/null
+++ b/.changelog/2703.bugfix.2.md
@@ -0,0 +1 @@
+storage/mkvs: Fix proof verifier
diff --git a/go/storage/mkvs/urkel/syncer/proof.go b/go/storage/mkvs/urkel/syncer/proof.go
index 3ca9677ca97..dc94b70f58a 100644
--- a/go/storage/mkvs/urkel/syncer/proof.go
+++ b/go/storage/mkvs/urkel/syncer/proof.go
@@ -187,7 +187,7 @@ func (pv *ProofVerifier) VerifyProof(ctx context.Context, root hash.Hash, proof
 if !rootNodeHash.Equal(&root) {
 return nil, fmt.Errorf("verifier: bad root (expected: %s got: %s)",
 root,
- rootNode.Hash,
+ rootNodeHash,
 )
 }
 return rootNode, nil
@@ -205,6 +205,9 @@ func (pv *ProofVerifier) verifyProof(ctx context.Context, proof *Proof, idx int)
 if entry == nil {
 return idx + 1, nil, nil
 }
+ if len(entry) == 0 {
+ return -1, nil, errors.New("verifier: malformed proof")
+ }
 
 switch entry[0] {
 case proofEntryFull:
diff --git a/runtime/src/storage/mkvs/urkel/sync/proof.rs b/runtime/src/storage/mkvs/urkel/sync/proof.rs
index 34faa53ab6e..dfec452fbdd 100644
--- a/runtime/src/storage/mkvs/urkel/sync/proof.rs
+++ b/runtime/src/storage/mkvs/urkel/sync/proof.rs
@@ -103,6 +103,9 @@ impl ProofVerifier {
 Some(entry) => entry.as_ref(),
 None => return Ok((idx + 1, NodePointer::null_ptr())),
 };
+ if entry.is_empty() {
+ return Err(format_err!("verifier: malformed proof"));
+ }
 
 match entry[0] {
 PROOF_ENTRY_FULL => {
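Review bot: The error returned by the new `len(entry) == 0` guard in verifyProof does not say which proof entry was rejected, which makes a rejected proof hard to trace; `return -1, nil, fmt.Errorf("verifier: malformed proof (empty entry at index %d)", idx)` keeps the failure and adds the position, and `fmt` is already used in VerifyProof. The same holds for the `format_err!("verifier: malformed proof")` added in proof.rs. The diff as shown adds no test for a non-nil, zero-length entry, so a regression case on both the Go and Rust verifiers would pin the fix. A short comment such as `// nil encodes a nil pointer; a non-nil empty entry has no type byte` would also explain why the two checks differ. verifyProof's body starts and ends outside the hunk.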
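Review bot: The added `is_empty()` guard and the `entry[0]` index that follows test the same condition in two places, and the index can still panic if the guard is ever moved or dropped. Assuming `entry` is a byte slice at this point, `let (kind, rest) = entry.split_first().ok_or_else(|| format_err!("verifier: malformed proof"))?;` followed by `match *kind {` would make the empty case unreachable past that line. The match arms are outside the hunk, so whether they can use `rest` in place of re-slicing `entry` is not visible here.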