diff --git a/src/utils/SafeTransferLib.sol b/src/utils/SafeTransferLib.sol
index 3c63993adc..d19ff6113d 100644
--- a/src/utils/SafeTransferLib.sol
+++ b/src/utils/SafeTransferLib.sol
@@ -205,7 +205,8 @@ library SafeTransferLib {
 assembly {
 to := shr(96, shl(96, to)) // Clean upper 96 bits.
 for { let mover := ETH_MOVER } iszero(eq(to, address())) {} {
- if or(lt(selfbalance(), amount), eq(to, mover)) {
+ let selfBalanceBefore := selfbalance()
+ if or(lt(selfBalanceBefore, amount), eq(to, mover)) {
 mstore(0x00, 0xb12d13eb) // `ETHTransferFailed()`.
 revert(0x1c, 0x04)
 }
@@ -213,6 +214,7 @@ library SafeTransferLib {
 let balanceBefore := balance(to) // Check via delta, in case `SELFDESTRUCT` is bricked.
 pop(call(gas(), mover, amount, codesize(), 0x00, codesize(), 0x00))
 if iszero(lt(add(amount, balance(to)), balanceBefore)) { break }
+ if lt(selfBalanceBefore, selfbalance()) { invalid() } // Just in case.
 }
 let m := mload(0x40)
 // If the mover is missing or bricked, deploy a minimal vault
diff --git a/test/SafeTransferLib.t.sol b/test/SafeTransferLib.t.sol
index fec734311d..a71021dae8 100644
--- a/test/SafeTransferLib.t.sol
+++ b/test/SafeTransferLib.t.sol
@@ -1267,6 +1267,8 @@ contract SafeTransferLibTest is SoladyTest {
 }
 function safeMoveETH(address to, uint256 amount) public returns (address) {
+ if (_randomChance(2)) _misalignFreeMemoryPointer();
+ if (_randomChance(2)) _brutalizeMemory();
 return SafeTransferLib.safeMoveETH(_brutalized(to), amount);
 }
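Review bot: The new `invalid()` guard is only reached when the `break` on the line above it is not taken, and that unchanged test reads as `amount + balance(to) >= balanceBefore`, which appears to hold for almost any outcome of the mover call, so the guard may rarely execute. If the intent is `balance(to) >= balanceBefore + amount`, the test would be `if iszero(lt(balance(to), add(amount, balanceBefore))) { break }`. The comment `// Just in case.` does not say which condition is guarded; `// Abort if our own balance is higher than before the mover call.` would state what the line checks. `invalid()` consumes all remaining gas and returns no selector, unlike the `ETHTransferFailed()` revert earlier in the loop, so the comment should say whether that is deliberate. The enclosing block opens outside this hunk.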
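Review bot: Nothing in this hunk exercises the `invalid()` guard that the same commit adds to `SafeTransferLib.safeMoveETH`; the two added lines only randomize memory state before the call. A case that places a stub at `ETH_MOVER` which leaves the calling contract's balance higher than before the call, and asserts that the call fails, would pin the new branch. Such a test may already exist elsewhere in the file, which is not visible here.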