diff --git a/app/controllers/epp/domains_controller.rb b/app/controllers/epp/domains_controller.rb
index 94a077758..6ddab07a0 100644
--- a/app/controllers/epp/domains_controller.rb
+++ b/app/controllers/epp/domains_controller.rb
@@ -77,7 +77,7 @@ class Epp::DomainsController < EppController
   end
 
   def renew
-    authorize! :renew, Epp::Domain
+    authorize! :renew, @domain
 
     handle_errors(@domain) and return unless @domain.renew(
       params[:parsed_frame].css('curExpDate').text,
diff --git a/app/models/ability.rb b/app/models/ability.rb
index 067b89a37..79dcb991a 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -28,7 +28,7 @@ class Ability
     can(:info,     Epp::Domain) { |d, pw| d.registrar_id == @user.registrar_id || pw.blank? ? true : d.auth_info == pw }
     can(:check,    Epp::Domain)
     can(:create,   Epp::Domain)
-    can(:renew,    Epp::Domain)
+    can(:renew,    Epp::Domain) { |d| d.registrar_id == @user.registrar_id }
     can(:update,   Epp::Domain) { |d, pw| d.registrar_id == @user.registrar_id || d.auth_info == pw }
     can(:transfer, Epp::Domain) { |d, pw| d.auth_info == pw }
     can(:view_password, Epp::Domain) { |d, pw| d.registrar_id == @user.registrar_id || d.auth_info == pw }
diff --git a/app/models/contact.rb b/app/models/contact.rb
index 3d5db652c..a5d558c98 100644
--- a/app/models/contact.rb
+++ b/app/models/contact.rb
@@ -148,10 +148,10 @@ class Contact < ActiveRecord::Base
   end
   # rubocop:enable Metrics/CyclomaticComplexity
 
-  # used only for contact trasphere
+  # used only for contact transfer
   def generate_new_code!
     return nil if registrar.blank?
-    registrar.reload # for contact transfere
+    registrar.reload # for contact transfer
     self[:code] = "#{registrar.code}:#{SecureRandom.hex(4)}".upcase
   end
 
diff --git a/app/models/epp/domain.rb b/app/models/epp/domain.rb
index 2b5b2d72c..3f054003b 100644
--- a/app/models/epp/domain.rb
+++ b/app/models/epp/domain.rb
@@ -467,7 +467,8 @@ class Epp::Domain < Domain
     oc = c.deep_clone include: [:statuses]
     oc.code = nil
     oc.registrar_id = registrar_id
-    oc.save!
+    oc.prefix_code
+    oc.save!(validate: false)
     oc
   end
 
@@ -475,7 +476,7 @@ class Epp::Domain < Domain
     oc = Contact.find(contact_id) # n+1 workaround
     oc.registrar_id = registrar_id
     oc.generate_new_code!
-    oc.save!
+    oc.save!(validate: false)
     oc
   end
 
@@ -548,8 +549,9 @@ class Epp::Domain < Domain
         save!(validate: false)
 
         return dt
-      rescue => _e
+      rescue => e
         add_epp_error('2306', nil, nil, I18n.t('action_failed_due_to_server_error'))
+        logger.error('DOMAIN TRANSFER FAILED')
         logger.error(e)
         raise ActiveRecord::Rollback
       end
diff --git a/app/validators/domain_name_validator.rb b/app/validators/domain_name_validator.rb
index 4d337b8b5..6a2d41c43 100644
--- a/app/validators/domain_name_validator.rb
+++ b/app/validators/domain_name_validator.rb
@@ -31,9 +31,8 @@ class DomainNameValidator < ActiveModel::EachValidator
 
       # rubocop: disable Metrics/LineLength
       unicode_chars = /\u00E4\u00F5\u00F6\u00FC\u0161\u017E/ # äõöüšž
-      regexp = /\A[a-zA-Z0-9#{unicode_chars}][a-zA-Z0-9#{unicode_chars}-]{0,61}[a-zA-Z0-9#{unicode_chars}]#{general_domains}\z/
+      regexp = /\A[a-zA-Z0-9#{unicode_chars.source}][a-zA-Z0-9#{unicode_chars.source}-]{0,61}[a-zA-Z0-9#{unicode_chars.source}]#{general_domains.source}\z/
       # rubocop: enable Metrics/LineLength
-
       # rubocop: disable Style/DoubleNegation
       !!(value =~ regexp)
       # rubocop: enable Style/DoubleNegation
diff --git a/app/views/registrar/domains/info.haml b/app/views/registrar/domains/info.haml
index 369e0f87d..4d7ffb429 100644
--- a/app/views/registrar/domains/info.haml
+++ b/app/views/registrar/domains/info.haml
@@ -1,10 +1,11 @@
 - content_for :actions do
-  = link_to(t(:edit), edit_registrar_domains_path(domain_name: params[:domain_name]),
-    class: 'btn btn-default')
-  = link_to(t(:renew), renew_registrar_domains_path(domain_name: params[:domain_name]),
-    class: 'btn btn-default')
-  = link_to(t(:delete), delete_registrar_domains_path(domain_name: params[:domain_name]),
-    class: 'btn btn-default')
+  - if @data.css('pw').text.present?
+    = link_to(t(:edit), edit_registrar_domains_path(domain_name: params[:domain_name]),
+      class: 'btn btn-default')
+    = link_to(t(:renew), renew_registrar_domains_path(domain_name: params[:domain_name]),
+      class: 'btn btn-default')
+    = link_to(t(:delete), delete_registrar_domains_path(domain_name: params[:domain_name]),
+      class: 'btn btn-default')
 = render 'shared/title', name: truncate(@data.css('name').text)
 
 .row
diff --git a/spec/epp/domain_spec.rb b/spec/epp/domain_spec.rb
index 73ba344ae..f14c79915 100644
--- a/spec/epp/domain_spec.rb
+++ b/spec/epp/domain_spec.rb
@@ -1993,6 +1993,21 @@ describe 'EPP Domain', epp: true do
       response[:results][0][:value].should == '4'
     end
 
+    it 'does not renew foreign domain' do
+      login_as :registrar2 do
+        exp_date = 1.year.since.to_date
+        xml = @epp_xml.domain.renew(
+          name: { value: domain.name },
+          curExpDate: { value: exp_date.to_s },
+          period: { value: '1', attrs: { unit: 'y' } }
+        )
+
+        response = epp_plain_request(xml)
+        response[:results][0][:msg].should == 'Authorization error'
+        response[:results][0][:result_code].should == '2201'
+      end
+    end
+
     ### INFO ###
     it 'returns domain info' do
       domain.domain_statuses.build(value: DomainStatus::CLIENT_HOLD, description: 'Payment overdue.')
diff --git a/spec/models/domain_spec.rb b/spec/models/domain_spec.rb
index cc6c4e257..c9177b406 100644
--- a/spec/models/domain_spec.rb
+++ b/spec/models/domain_spec.rb
@@ -242,7 +242,7 @@ describe Domain do
   end
 
   it 'should not be valid when name length is longer than 63 characters' do
-    d = Fabricate.build(:domain, 
+    d = Fabricate.build(:domain,
       name: "xn--4caaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.ee")
     d.valid?
     d.errors.full_messages.should match_array([
@@ -294,6 +294,18 @@ describe Domain do
     d.errors.full_messages.should == ["Domain name Domain name is invalid"]
   end
 
+  it 'should not be valid with at character' do
+    d = Fabricate.build(:domain, name: 'dass@sf.ee')
+    d.valid?
+    d.errors.full_messages.should == ["Domain name Domain name is invalid"]
+  end
+
+  it 'should not be valid with invalid characters' do
+    d = Fabricate.build(:domain, name: '@ba)s(?ä_:-df.ee')
+    d.valid?
+    d.errors.full_messages.should == ["Domain name Domain name is invalid"]
+  end
+
   it 'should be valid when name length is two pynicodes' do
     d = Fabricate.build(:domain, name: "xn--4caa.ee")
     d.valid?