diff --git a/protocol/shadowsocks/protocol.go b/protocol/shadowsocks/protocol.go
index 50a0d5a..2f12a95 100644
--- a/protocol/shadowsocks/protocol.go
+++ b/protocol/shadowsocks/protocol.go
@@ -13,8 +13,8 @@ import (
 )
 
 var (
-	ErrBadKey          = E.New("shadowsocks: bad key")
-	ErrMissingPassword = E.New("shadowsocks: missing password")
+	ErrBadKey          = E.New("bad key")
+	ErrMissingPassword = E.New("missing password")
 )
 
 type Method interface {
diff --git a/protocol/shadowsocks/shadowaead/aead.go b/protocol/shadowsocks/shadowaead/aead.go
index 40127df..936c98a 100644
--- a/protocol/shadowsocks/shadowaead/aead.go
+++ b/protocol/shadowsocks/shadowaead/aead.go
@@ -198,6 +198,10 @@ func (r *Reader) Discard(n int) error {
 	}
 }
 
+func (r *Reader) Cached() int {
+	return r.cached
+}
+
 type Writer struct {
 	upstream      io.Writer
 	cipher        cipher.AEAD
diff --git a/protocol/shadowsocks/shadowaead_2022/protocol.go b/protocol/shadowsocks/shadowaead_2022/protocol.go
index b56af92..e9ec7aa 100644
--- a/protocol/shadowsocks/shadowaead_2022/protocol.go
+++ b/protocol/shadowsocks/shadowaead_2022/protocol.go
@@ -49,13 +49,13 @@ const (
 )
 
 var (
-	ErrMissingPasswordPSK    = E.New("shadowsocks: missing password or psk")
-	ErrBadHeaderType         = E.New("shadowsocks: bad header type")
-	ErrBadTimestamp          = E.New("shadowsocks: bad timestamp")
-	ErrBadRequestSalt        = E.New("shadowsocks: bad request salt")
-	ErrBadClientSessionId    = E.New("shadowsocks: bad client session id")
-	ErrPacketIdNotUnique     = E.New("shadowsocks: packet id not unique")
-	ErrTooManyServerSessions = E.New("shadowsocks: server session changed more than once during the last minute")
+	ErrMissingPasswordPSK    = E.New("missing password or psk")
+	ErrBadHeaderType         = E.New("bad header type")
+	ErrBadTimestamp          = E.New("bad timestamp")
+	ErrBadRequestSalt        = E.New("bad request salt")
+	ErrBadClientSessionId    = E.New("bad client session id")
+	ErrPacketIdNotUnique     = E.New("packet id not unique")
+	ErrTooManyServerSessions = E.New("server session changed more than once during the last minute")
 )
 
 var List = []string{
diff --git a/protocol/shadowsocks/shadowaead_2022/service.go b/protocol/shadowsocks/shadowaead_2022/service.go
index 28bc642..e9a12f0 100644
--- a/protocol/shadowsocks/shadowaead_2022/service.go
+++ b/protocol/shadowsocks/shadowaead_2022/service.go
@@ -27,6 +27,8 @@ import (
 	wgReplay "golang.zx2c4.com/wireguard/replay"
 )
 
+var ErrNoPadding = E.New("bad request: missing payload or padding")
+
 type Service struct {
 	name             string
 	secureRNG        io.Reader
@@ -157,6 +159,8 @@ func (s *Service) newConnection(ctx context.Context, conn net.Conn, metadata M.M
 		if err != nil {
 			return E.Cause(err, "discard padding")
 		}
+	} else if reader.Cached() == 0 {
+		return ErrNoPadding
 	}
 
 	metadata.Protocol = "shadowsocks"
diff --git a/protocol/shadowsocks/shadowaead_2022/service_multi.go b/protocol/shadowsocks/shadowaead_2022/service_multi.go
index ac5a7f4..9c0df4b 100644
--- a/protocol/shadowsocks/shadowaead_2022/service_multi.go
+++ b/protocol/shadowsocks/shadowaead_2022/service_multi.go
@@ -169,6 +169,8 @@ func (s *MultiService[U]) newConnection(ctx context.Context, conn net.Conn, meta
 		if err != nil {
 			return E.Cause(err, "discard padding")
 		}
+	} else if reader.Cached() == 0 {
+		return ErrNoPadding
 	}
 
 	var userCtx shadowsocks.UserContext[U]