diff --git a/src/address.c b/src/address.c
index 0a0c498..4d0c98e 100644
--- a/src/address.c
+++ b/src/address.c
@@ -40,9 +40,18 @@ bool address_from_pubkey(const uint8_t public_key[static 32], uint8_t *out, size
     if (error != CX_OK) {
         return false;
     }
-    cx_hash_update((cx_hash_t *) &sha3, public_key, 32);
-    cx_hash_update((cx_hash_t *) &sha3, &signature_scheme_id, 1);
-    cx_hash_final((cx_hash_t *) &sha3, address);
+    error = cx_hash_update((cx_hash_t *) &sha3, public_key, 32);
+    if (error != CX_OK) {
+        return false;
+    }
+    error = cx_hash_update((cx_hash_t *) &sha3, &signature_scheme_id, 1);
+    if (error != CX_OK) {
+        return false;
+    }
+    error = cx_hash_final((cx_hash_t *) &sha3, address);
+    if (error != CX_OK) {
+        return false;
+    }
 
     memmove(out, address, ADDRESS_LEN);
 
diff --git a/src/crypto.c b/src/crypto.c
index cf2e139..de2e606 100644
--- a/src/crypto.c
+++ b/src/crypto.c
@@ -98,7 +98,11 @@ cx_err_t crypto_sign_message() {
     }
 
     size_t size;
-    cx_ecdomain_parameters_length(private_key.curve, &size);
+    error = cx_ecdomain_parameters_length(private_key.curve, &size);
+    if (error != CX_OK) {
+        explicit_bzero(&private_key, sizeof(private_key));
+        return error;
+    }
     G_context.tx_info.signature_len = 2 * size;
 
     PRINTF("Signature: %.*H\n", G_context.tx_info.signature_len, G_context.tx_info.signature);