diff --git a/packages/chopsticks/src/server.ts b/packages/chopsticks/src/server.ts
index 8ba3e490..7498099a 100644
--- a/packages/chopsticks/src/server.ts
+++ b/packages/chopsticks/src/server.ts
@@ -1,3 +1,4 @@
+import { z } from 'zod'
 import WebSocket, { AddressInfo, WebSocketServer } from 'ws'
 
 import { ResponseError, SubscriptionManager } from './rpc/shared'
@@ -5,6 +6,13 @@ import { defaultLogger, truncate } from './logger'
 
 const logger = defaultLogger.child({ name: 'ws' })
 
+const requestSchema = z.object({
+  id: z.number(),
+  jsonrpc: z.literal('2.0'),
+  method: z.string(),
+  params: z.array(z.any()).default([]),
+})
+
 export type Handler = (
   data: { method: string; params: string[] },
   subscriptionManager: SubscriptionManager,
@@ -103,8 +111,8 @@ export const createServer = async (handler: Handler, port?: number) => {
     })
 
     ws.on('message', async (message) => {
-      const req = parseRequest(message.toString())
-      if (!req || req.id == null || req.method == null) {
+      const parsed = await requestSchema.safeParseAsync(parseRequest(message.toString()))
+      if (!parsed.success) {
         logger.info('Invalid request: %s', message)
         send({
           id: null,
@@ -117,6 +125,7 @@ export const createServer = async (handler: Handler, port?: number) => {
         return
       }
 
+      const { data: req } = parsed
       logger.trace(
         {
           id: req.id,