diff --git a/webapp/controller/MarketController.class.php b/webapp/controller/MarketController.class.php
index 87cd14dd..8e312982 100644
--- a/webapp/controller/MarketController.class.php
+++ b/webapp/controller/MarketController.class.php
@@ -163,10 +163,20 @@ class MarketController extends BaseController {
             myself()->_rspErr(500, 'server internal error');
             return;
         }
-        if (!mt\MarketGoods::isOnSaleItem($currBatchMeta['batch_id'], $idx, $itemId)) {
+        $goodsMeta = mt\MarketGoods::getOnSaleGoods($currBatchMeta['batch_id'], $idx, $itemId);
+        if (!$goodsMeta) {
             myself()->_rspErr(500, 'server internal error');
             return;
         }
+        if ($currBatchMeta['white_list'] && !mt\WhiteList::inWhiteList($buyerAddress)) {
+            myself()->_rspErr(500, 'not white list user');
+            return;
+        }
+        $currencyMeta = mt\Currency::get($goodsMeta['currency_id']);
+        if (!$currencyMeta || $currencyMeta['address'] != $paymentTokenAddress) {
+            myself()->_rspErr(500, 'currency error');
+            return;
+        }
 
         if (!phpcommon\isValidBcGameId($gameId)) {
             myself()->_rspErr(500, 'server internal error');
diff --git a/webapp/mt/MarketGoods.php b/webapp/mt/MarketGoods.php
index ad202b91..0283fc5a 100644
--- a/webapp/mt/MarketGoods.php
+++ b/webapp/mt/MarketGoods.php
@@ -27,7 +27,7 @@ class MarketGoods {
         return getXVal(self::$batchHash, $batchId, null);
     }
 
-    public static function isOnSaleItem($batchId, $idx, $itemId)
+    public static function getOnSaleGoods($batchId, $idx, $itemId)
     {
         $metas = self::getBatchMetas($batchId);
         if (!empty($metas)) {