See https://core.telegram.org/mtproto/security_guidelines

• Validation of DH parameters
• g_a and g_b validation
• Checking SHA1 hash values during key generation
• Checking nonce, server_nonce and new_nonce fields
• Using secure pseudorandom number generator to create DH secret parameters a and b
• Checking SHA256 hash value of msg_key
• Checking message length
• Checking session_id
• Checking msg_id
• Behavior in case of mismatch (we are ignoring message, but don't perform full re-connection)