diff --git a/app/Endpoint/Api/Http/Controllers/Account/WalletController.php b/app/Endpoint/Api/Http/Controllers/Account/WalletController.php
index d5d49473..6c6fe66e 100644
--- a/app/Endpoint/Api/Http/Controllers/Account/WalletController.php
+++ b/app/Endpoint/Api/Http/Controllers/Account/WalletController.php
@@ -6,6 +6,7 @@ use App\Endpoint\Api\Http\Controllers\Controller;
 use App\Endpoint\Api\Http\Resources\DistributionPreIncomeResource;
 use App\Endpoint\Api\Http\Resources\WalletLogResource;
 use App\Exceptions\InvalidPaySerialNumberException;
+use App\Exceptions\PayPasswordIncorrectException;
 use App\Helpers\Paginator as PaginatorHelper;
 use App\Models\BalanceLog;
 use App\Models\Order;
@@ -92,11 +93,14 @@ class WalletController extends Controller
         $validated = $request->validate([
             'pay_sn' => ['bail', 'required'],
             'pay_way' => ['bail', 'required', Rule::in([PayLog::PAY_WAY_WALLET, PayLog::PAY_WAY_BALANCE])],
+            'pay_password' => ['bail', 'required'],
         ]);
 
         $user = $request->user();
 
-        // todo 校验支付密码
+        if (! $user->wallet?->verifyPassword($validated['pay_password'])) {
+            throw new PayPasswordIncorrectException();
+        }
 
         try {
             DB::transaction(function () use ($user, $validated) {
diff --git a/app/Exceptions/PayPasswordIncorrectException.php b/app/Exceptions/PayPasswordIncorrectException.php
new file mode 100644
index 00000000..f92a7a37
--- /dev/null
+++ b/app/Exceptions/PayPasswordIncorrectException.php
@@ -0,0 +1,11 @@
+<?php
+
+namespace App\Exceptions;
+
+class PayPasswordIncorrectException extends BizException
+{
+    public function __construct()
+    {
+        parent::__construct('支付密码错误', 10001);
+    }
+}