diff --git a/x/wasm/types/authz.go b/x/wasm/types/authz.go
index ddecae229e..68e2f7c9a0 100644
--- a/x/wasm/types/authz.go
+++ b/x/wasm/types/authz.go
@@ -1,7 +1,6 @@
 package types
 
 import (
-	"bytes"
 	"strings"
 
 	wasmvm "github.com/CosmWasm/wasmvm"
@@ -56,12 +55,12 @@ func (a *StoreCodeAuthorization) Accept(ctx sdk.Context, msg sdk.Msg) (authztype
 	if ioutils.IsGzip(code) {
 		gasRegister, ok := GasRegister(ctx)
 		if !ok {
-			panic("gas register not found") // TODO: check how to handle this
+			return authztypes.AcceptResponse{}, sdkerrors.ErrNotFound.Wrap("gas register")
 		}
 		ctx.GasMeter().ConsumeGas(gasRegister.UncompressCosts(len(code)), "Uncompress gzip bytecode")
 		wasmCode, err := ioutils.Uncompress(code, int64(MaxWasmSize))
 		if err != nil {
-			return authztypes.AcceptResponse{}, sdkerrors.ErrInvalidRequest.Wrap(errorsmod.Wrap(err, "uncompress wasm archive").Error())
+			return authztypes.AcceptResponse{}, sdkerrors.ErrInvalidRequest.Wrap("uncompress wasm archive")
 		}
 		code = wasmCode
 	}
@@ -120,17 +119,15 @@ func (g CodeGrant) ValidateBasic() error {
 	if len(g.CodeHash) == 0 {
 		return ErrEmpty.Wrap("code hash")
 	}
-	if g.InstantiatePermission != nil {
-		if err := g.InstantiatePermission.ValidateBasic(); err != nil {
-			return errorsmod.Wrap(err, "instantiate permission")
-		}
+	if g.InstantiatePermission == nil {
+		return ErrEmpty.Wrap("permission")
 	}
-	return nil
+	return g.InstantiatePermission.ValidateBasic()
 }
 
 // Accept checks if checksum and permission match the grant
 func (g CodeGrant) Accept(checksum []byte, permission AccessConfig) bool {
-	if !bytes.Equal(g.CodeHash, []byte(CodehashWildcard)) && !bytes.Equal(g.CodeHash, checksum) {
+	if !strings.EqualFold(string(g.CodeHash), CodehashWildcard) && !strings.EqualFold(string(g.CodeHash), string(checksum)) {
 		return false
 	}
 	return permission.IsSubset(*g.InstantiatePermission)
diff --git a/x/wasm/types/authz_test.go b/x/wasm/types/authz_test.go
index 5e77d6ea43..ebf0a08480 100644
--- a/x/wasm/types/authz_test.go
+++ b/x/wasm/types/authz_test.go
@@ -2,6 +2,7 @@ package types
 
 import (
 	"math"
+	"strings"
 	"testing"
 
 	wasmvm "github.com/CosmWasm/wasmvm"
@@ -778,6 +779,8 @@ func TestValidateCodeGrant(t *testing.T) {
 func TestValidateStoreCodeAuthorization(t *testing.T) {
 	validGrant, err := NewCodeGrant([]byte("any_valid_checksum"), AllowEverybody)
 	require.NoError(t, err)
+	validGrantUpperCase, err := NewCodeGrant([]byte("ANY_VALID_CHECKSUM"), AllowEverybody)
+	require.NoError(t, err)
 	invalidGrant, err := NewCodeGrant(nil, AllowEverybody)
 	require.NoError(t, err)
 	wildcardGrant, err := NewCodeGrant([]byte("*"), AllowEverybody)
@@ -803,12 +806,18 @@ func TestValidateStoreCodeAuthorization(t *testing.T) {
 			},
 			expErr: true,
 		},
-		"duplicate grants": {
+		"duplicate grants - same case code hash": {
 			setup: func(t *testing.T) []CodeGrant {
 				return []CodeGrant{*validGrant, *validGrant}
 			},
 			expErr: true,
 		},
+		"duplicate grants - different case code hash": {
+			setup: func(t *testing.T) []CodeGrant {
+				return []CodeGrant{*validGrant, *validGrantUpperCase}
+			},
+			expErr: true,
+		},
 		"invalid grant": {
 			setup: func(t *testing.T) []CodeGrant {
 				return []CodeGrant{*validGrant, *invalidGrant}
@@ -838,12 +847,17 @@ func TestStoreCodeAuthorizationAccept(t *testing.T) {
 	reflectCodeHash, err := wasmvm.CreateChecksum(reflectWasmCode)
 	require.NoError(t, err)
 
+	reflectCodeHashUpperCase := strings.ToUpper(string(reflectCodeHash))
+
 	grantWildcard, err := NewCodeGrant([]byte("*"), AllowEverybody)
 	require.NoError(t, err)
 
 	grantReflectCode, err := NewCodeGrant(reflectCodeHash, AllowNobody)
 	require.NoError(t, err)
 
+	grantReflectCodeUpperCase, err := NewCodeGrant([]byte(reflectCodeHashUpperCase), AllowNobody)
+	require.NoError(t, err)
+
 	grantOtherCode, err := NewCodeGrant([]byte("any_valid_checksum"), AllowEverybody)
 	require.NoError(t, err)
 
@@ -875,6 +889,17 @@ func TestStoreCodeAuthorizationAccept(t *testing.T) {
 				Accept: true,
 			},
 		},
+		"accepted reflect code - different case": {
+			auth: NewStoreCodeAuthorization(*grantReflectCodeUpperCase),
+			msg: &MsgStoreCode{
+				Sender:                sdk.AccAddress(randBytes(SDKAddrLen)).String(),
+				WASMByteCode:          reflectWasmCode,
+				InstantiatePermission: &AllowNobody,
+			},
+			expResult: authztypes.AcceptResponse{
+				Accept: true,
+			},
+		},
 		"not accepted - no matching code": {
 			auth: NewStoreCodeAuthorization(*grantOtherCode),
 			msg: &MsgStoreCode{