diff --git a/contracts/Engagement.sol b/contracts/Engagement.sol
index dbc7592..8b98bac 100644
--- a/contracts/Engagement.sol
+++ b/contracts/Engagement.sol
@@ -50,6 +50,9 @@ contract EngagementContract is IEngagement, ERC1155, AccessControl {
 uint tokenId,
 uint amount
 ) external override {
+ if (account != msg.sender) {
+ revert NotAllowed(account, tokenId);
+ }
 _burn(account, tokenId, 1);
 emit Burn(account, tokenId, 1);
 }
diff --git a/contracts/IEngagement.sol b/contracts/IEngagement.sol
index c6c33e0..ce9d56f 100644
--- a/contracts/IEngagement.sol
+++ b/contracts/IEngagement.sol
@@ -5,6 +5,7 @@ interface IEngagement {
 error NotFound(uint tokenId);
 error MintLimit(address account, uint tokenId);
+ error NotAllowed(address account, uint tokenId);
 function counter() external view returns (uint);
diff --git a/test/engagements.ts b/test/engagements.ts
index 3d0da6c..560373c 100644
--- a/test/engagements.ts
+++ b/test/engagements.ts
@@ -22,7 +22,7 @@ describe("Engage", function () {
 // and reset Hardhat Network to that snapshot in every test.
 async function deployFixture() {
 // Contracts are deployed using the first signer/account by default
- const [deployer, provider, otherAccount] =
+ const [deployer, provider, otherAccount, otherAccount2] =
 await hre.viem.getWalletClients();
 const contract = await hre.viem.deployContract("EngagementContract");
@@ -35,6 +35,7 @@ describe("Engage", function () {
 deployer,
 provider,
 otherAccount,
+ otherAccount2,
 publicClient,
 };
 }
@@ -137,11 +138,13 @@ describe("Engage", function () {
 let tokenId: any;
 let contract: any;
 let otherAccount: any;
+ let otherAccount2: any;
 beforeEach(async function () {
 const fixture = await loadFixture(deployFixture);
 contract = fixture.contract;
 otherAccount = fixture.otherAccount;
+ otherAccount2 = fixture.otherAccount2;
 tokenId = await contract.read.counter();
 await contract.write.issue([hash]);
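Review bot: The guard added to `burn` in contracts/Engagement.sol compares `account` with `msg.sender` only, so an operator the holder approved through `setApprovalForAll` cannot burn on the holder's behalf. If holder-only burning is intended, a comment above the check such as `// only the token holder may burn; approved operators are deliberately excluded` would record that decision; if operators should be allowed, the condition would be `if (account != msg.sender && !isApprovedForAll(account, msg.sender)) {`. Separately, the context lines show that `amount` is accepted but both `_burn` and the `Burn` event use a hard-coded `1`, which this commit leaves unchanged, so a caller passing a larger amount burns a single token without any error. The function signature starts outside the hunk.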
@@ -237,7 +240,7 @@ describe("Engage", function () {
 }
 );
 });
- describe("Success", () => {
+ describe("Success", async function () {
 it("Should have an account balance of 0", async function () {
 const balance1 = await contract.read.balanceOf([
 getAddress(otherAccount.account.address),
@@ -281,6 +284,22 @@ describe("Engage", function () {
 );
 });
 });
+ describe("Revert", async function () {
+ it("Should revert with NotAllowed (msg.sender != account)", async function () {
+ await expect(
+ contract.write.burn(
+ [getAddress(otherAccount.account.address), tokenId, amount],
+ {
+ account: otherAccount2.account.address,
+ }
+ )
+ ).to.be.rejectedWith(
+ `NotAllowed("${getAddress(
+ otherAccount.account.address
+ )}", ${tokenId})`
+ );
+ });
+ });
 });
 });
 });
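Review bot: `describe("Success", async function () {` passes an async callback to Mocha's `describe`, which runs suite callbacks synchronously and does not wait for the returned promise; the same applies to the new `describe("Revert", async function () {` in the next hunk. Nothing visible in either body awaits at suite level, so the tests register today, but an `await` added there later would register the following `it` blocks too late and they would silently not run, including the access-control check. Keeping the suite callbacks synchronous, `describe("Success", function () {` and `describe("Revert", function () {`, avoids that; only the `it` and `beforeEach` callbacks need to be async. The body of the `Success` suite continues outside this hunk.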
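Review bot: The new `Revert` suite tries only one unauthorized caller, `otherAccount2`, so the holder-only rule is not pinned for privileged accounts. The deployer presumably holds an admin role through `AccessControl` (the role setup is not visible here), and a later change that exempts role holders from the `NotAllowed` check would pass this test unnoticed. A second `it` that sends the same `burn` call with `account: deployer.account.address` and expects the same `NotAllowed(...)` message would cover that case; `deployer` would have to be taken from the fixture in `beforeEach`, which is outside this hunk.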