diff --git a/programs/compressed-token/program/src/ctoken/create_ata.rs b/programs/compressed-token/program/src/ctoken/create_ata.rs
index a1608aa8cf..4bb4618fb1 100644
--- a/programs/compressed-token/program/src/ctoken/create_ata.rs
+++ b/programs/compressed-token/program/src/ctoken/create_ata.rs
@@ -3,7 +3,7 @@ use borsh::BorshDeserialize;
 use light_account_checks::AccountIterator;
 use light_program_profiler::profile;
 use light_token_interface::instructions::create_associated_token_account::CreateAssociatedTokenAccountInstructionData;
-use pinocchio::{account_info::AccountInfo, instruction::Seed};
+use pinocchio::{account_info::AccountInfo, instruction::Seed, pubkey::pubkey_eq};
 use spl_pod::solana_msg::msg;
 
 use crate::{
@@ -67,6 +67,18 @@ fn process_create_associated_token_account_with_mode<const IDEMPOTENT: bool>(
     if IDEMPOTENT {
         validate_ata_derivation(associated_token_account, owner_bytes, mint_bytes, bump)?;
         if associated_token_account.is_owned_by(&crate::LIGHT_CPI_SIGNER.program_id) {
+            // Verify stored mint and owner match the requested values
+            let ctoken = light_token_interface::state::Token::from_account_info_checked(
+                associated_token_account,
+            )?;
+            if !pubkey_eq(ctoken.mint.array_ref(), mint_bytes) {
+                msg!("Idempotent ATA: mint mismatch");
+                return Err(anchor_compressed_token::ErrorCode::MintMismatch.into());
+            }
+            if !pubkey_eq(ctoken.owner.array_ref(), owner_bytes) {
+                msg!("Idempotent ATA: owner mismatch");
+                return Err(anchor_compressed_token::ErrorCode::OwnerMismatch.into());
+            }
             return Ok(());
         }
     }