diff --git a/app/Http/Controllers/PredefinedMutationController.php b/app/Http/Controllers/PredefinedMutationController.php
index 45f5d60..ff0d40e 100644
--- a/app/Http/Controllers/PredefinedMutationController.php
+++ b/app/Http/Controllers/PredefinedMutationController.php
@@ -37,7 +37,7 @@ class PredefinedMutationController extends Controller
         $request->validate([
             'name' => ['required', 'string', 'max:255'],
             'description' => ['nullable', 'string'],
-            'amount' => ['required', 'integer'],
+            'amount' => ['required', 'integer', 'not_in:0', 'min:-1000', 'max:1000'],
         ]);
 
         $ledger->predefinedMutations()->create($request->all());
@@ -69,7 +69,7 @@ class PredefinedMutationController extends Controller
         $request->validate([
             'name' => ['required', 'string', 'max:255'],
             'description' => ['nullable', 'string'],
-            'amount' => ['required', 'integer'],
+            'amount' => ['required', 'integer', 'not_in:0', 'min:-1000', 'max:1000'],
         ]);
 
         $predefinedMutation->update($request->all());
diff --git a/app/Http/Requests/StoreMutationRequest.php b/app/Http/Requests/StoreMutationRequest.php
index 5c8472a..8a40e8c 100644
--- a/app/Http/Requests/StoreMutationRequest.php
+++ b/app/Http/Requests/StoreMutationRequest.php
@@ -25,7 +25,7 @@ class StoreMutationRequest extends FormRequest
     public function rules(): array
     {
         return [
-            'amount' => ['required', 'integer'],
+            'amount' => ['required', 'integer', 'not_in:0', 'min:-1000', 'max:1000'],
             'description' => ['required', 'string'],
             'type' => ['nullable', 'string'],
             'status' => ['nullable', 'string'],
diff --git a/tests/Feature/MutationTest.php b/tests/Feature/MutationTest.php
index 73f169e..b065192 100644
--- a/tests/Feature/MutationTest.php
+++ b/tests/Feature/MutationTest.php
@@ -121,3 +121,54 @@ test('owner can approve a pending suggestion and it is updated and logged', func
     expect($dynamicChatMessages->last()->user_id)->toBeNull();
     expect($dynamicChatMessages->last()->content)->toBe("<user:{$owner->id}> APPROVED the suggestion \"Polished dungeon floors\" for +20 points on \"{$ledger->name}\" ledger.");
 });
+
+test('creating a mutation with 0 points fails validation', function () {
+    $owner = User::factory()->create();
+    $dynamic = Dynamic::factory()->create();
+    $dynamic->participants()->attach($owner->id, ['role' => 'owner']);
+    $ledger = Ledger::factory()->create(['dynamic_id' => $dynamic->id]);
+
+    $this->actingAs($owner);
+
+    $response = $this->post(route('dynamics.ledgers.mutations.store', [$dynamic, $ledger]), [
+        'amount' => 0,
+        'description' => 'Zero point spam',
+    ]);
+
+    $response->assertSessionHasErrors(['amount']);
+    expect(Mutation::where('description', 'Zero point spam')->exists())->toBeFalse();
+});
+
+test('creating a mutation with more than 1000 points fails validation', function () {
+    $owner = User::factory()->create();
+    $dynamic = Dynamic::factory()->create();
+    $dynamic->participants()->attach($owner->id, ['role' => 'owner']);
+    $ledger = Ledger::factory()->create(['dynamic_id' => $dynamic->id]);
+
+    $this->actingAs($owner);
+
+    $response = $this->post(route('dynamics.ledgers.mutations.store', [$dynamic, $ledger]), [
+        'amount' => 1001,
+        'description' => 'Abusive positive point reward',
+    ]);
+
+    $response->assertSessionHasErrors(['amount']);
+    expect(Mutation::where('description', 'Abusive positive point reward')->exists())->toBeFalse();
+});
+
+test('creating a mutation with less than -1000 points fails validation', function () {
+    $owner = User::factory()->create();
+    $dynamic = Dynamic::factory()->create();
+    $dynamic->participants()->attach($owner->id, ['role' => 'owner']);
+    $ledger = Ledger::factory()->create(['dynamic_id' => $dynamic->id]);
+
+    $this->actingAs($owner);
+
+    $response = $this->post(route('dynamics.ledgers.mutations.store', [$dynamic, $ledger]), [
+        'amount' => -1001,
+        'description' => 'Abusive negative point demerit',
+    ]);
+
+    $response->assertSessionHasErrors(['amount']);
+    expect(Mutation::where('description', 'Abusive negative point demerit')->exists())->toBeFalse();
+});
diff --git a/tests/Feature/PredefinedMutationTest.php b/tests/Feature/PredefinedMutationTest.php
index 32fe0fe..28cc26e 100644
--- a/tests/Feature/PredefinedMutationTest.php
+++ b/tests/Feature/PredefinedMutationTest.php
@@ -164,3 +164,54 @@ test('owner can delete predefined mutation', function () {
         'id' => $predefined->id,
     ]);
 });
+
+test('creating a predefined mutation with 0 points fails validation', function () {
+    $owner = User::factory()->create();
+    $dynamic = Dynamic::factory()->create();
+    $dynamic->participants()->attach($owner->id, ['role' => 'owner']);
+    $ledger = Ledger::factory()->create(['dynamic_id' => $dynamic->id]);
+
+    $this->actingAs($owner);
+
+    $response = $this->post(route('dynamics.ledgers.predefined-mutations.store', [$dynamic->uuid, $ledger->uuid]), [
+        'name' => 'Zero point predefined',
+        'amount' => 0,
+    ]);
+
+    $response->assertSessionHasErrors(['amount']);
+    expect(PredefinedMutation::where('name', 'Zero point predefined')->exists())->toBeFalse();
+});
+
+test('creating a predefined mutation with more than 1000 points fails validation', function () {
+    $owner = User::factory()->create();
+    $dynamic = Dynamic::factory()->create();
+    $dynamic->participants()->attach($owner->id, ['role' => 'owner']);
+    $ledger = Ledger::factory()->create(['dynamic_id' => $dynamic->id]);
+
+    $this->actingAs($owner);
+
+    $response = $this->post(route('dynamics.ledgers.predefined-mutations.store', [$dynamic->uuid, $ledger->uuid]), [
+        'name' => 'Abusive positive predefined',
+        'amount' => 1001,
+    ]);
+
+    $response->assertSessionHasErrors(['amount']);
+    expect(PredefinedMutation::where('name', 'Abusive positive predefined')->exists())->toBeFalse();
+});
+
+test('creating a predefined mutation with less than -1000 points fails validation', function () {
+    $owner = User::factory()->create();
+    $dynamic = Dynamic::factory()->create();
+    $dynamic->participants()->attach($owner->id, ['role' => 'owner']);
+    $ledger = Ledger::factory()->create(['dynamic_id' => $dynamic->id]);
+
+    $this->actingAs($owner);
+
+    $response = $this->post(route('dynamics.ledgers.predefined-mutations.store', [$dynamic->uuid, $ledger->uuid]), [
+        'name' => 'Abusive negative predefined',
+        'amount' => -1001,
+    ]);
+
+    $response->assertSessionHasErrors(['amount']);
+    expect(PredefinedMutation::where('name', 'Abusive negative predefined')->exists())->toBeFalse();
+});