diff --git a/lib/bn.js b/lib/bn.js
index ddab450..f6fd639 100644
--- a/lib/bn.js
+++ b/lib/bn.js
@@ -189,6 +189,7 @@
 // '0' - '9'
 } else {
+ assert(c >= 0 && c <= 9, 'Invalid character ' + str[i]);
 r |= c & 0xf;
 }
 }
@@ -232,16 +233,17 @@
 r *= mul;
- // 'a'
- if (c >= 49) {
+ // 'a' - 'z'
+ if (c >= 49 && c <= 74) {
 r += c - 49 + 0xa;
- // 'A'
- } else if (c >= 17) {
+ // 'A' - 'Z'
+ } else if (c >= 17 && c <= 42) {
 r += c - 17 + 0xa;
 // '0' - '9'
 } else {
+ assert(c >= 0 && c <= 9, 'Invalid character ' + str[i]);
 r += c;
 }
 }
diff --git a/test/constructor-test.js b/test/constructor-test.js
index cb63317..46f132a 100644
--- a/test/constructor-test.js
+++ b/test/constructor-test.js
@@ -90,6 +90,15 @@ describe('BN.js/Constructor', function () {
 assert.equal(new BN('1A6B765D8CDF', 16, 'le').toString(16), 'df8c5d766b1a');
 });
+
+ it('should not accept decimal', function () {
+ assert.throws(function () {
+ BN('10.00', 10);
+ });
+ assert.throws(function () {
+ BN('16.00', 16);
+ });
+ });
 });
 describe('with Array input', function () {
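Review bot: In the `@@ -189,6 +189,7 @@` hunk of lib/bn.js the added assert guards only the digit fall-through, so whether a letter past 'f' is rejected depends on the two letter branches above it, which start outside this hunk. If those branches are open-ended the way the pre-change code in the next hunk was (`c >= 49`, `c >= 17`), a character such as 'g' or 'Z' would still be accumulated into `r` instead of raising; it is worth confirming they read `c >= 49 && c <= 54` and `c >= 17 && c <= 22`. Separately, the message appends `str[i]`: if this parser is ever handed secret values such as private-key strings, a fixed `'Invalid character'` keeps input bytes out of logs and error reports, and the same applies to the assert in the `@@ -232,16 +233,17 @@` hunk.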
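Review bot: The new bounds in the `@@ -232,16 +233,17 @@` hunk of lib/bn.js validate the character class but never compare the digit with the radix: every letter maps to 10..35 and every '0'-'9' to 0..9, and that value is added after `r *= mul` whatever `mul` is. Assuming `mul` is the base being parsed, '9' in base 8 or 'z' in base 16 is accepted and silently yields a different number from the one the caller wrote, which matters when the string is a key, nonce or length taken from untrusted input. Storing the digit value in a local in each branch and adding `assert(digit < mul, 'Invalid character ' + str[i]);` just before `r += digit;` would reject those inputs while keeping the range checks introduced here. The enclosing loop and function begin and end outside the hunk.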
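Review bot: Both `assert.throws` calls in the added test of test/constructor-test.js pass on any exception, and they invoke `BN(...)` without `new` while the neighbouring test uses `new BN(...)`, so the test can go green for a reason unrelated to the new character check. Using the constructor form and pinning the message would tie it to this change, e.g. `assert.throws(function () { new BN('10.00', 10); }, /Invalid character/);`, assuming the library's assert puts its message on the thrown Error. The only rejected character exercised is '.', which sits below '0', so the new upper bounds (`c <= 74`, `c <= 42`, `c <= 9`) have no case. Constructed inputs such as `'1{'` or `'1:'` with a non-hex base would cover them.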