diff --git a/src/_zkapauthorizer/tests/test_storage_protocol.py b/src/_zkapauthorizer/tests/test_storage_protocol.py
index a698c5fdd88994c44edd2815777c3a475ec6a1e5..202d87e52d056bf9cabe58e481dfda4bdef0a54c 100644
--- a/src/_zkapauthorizer/tests/test_storage_protocol.py
+++ b/src/_zkapauthorizer/tests/test_storage_protocol.py
@@ -29,9 +29,11 @@ from testtools import (
 from testtools.matchers import (
     Equals,
     HasLength,
+    Always,
 )
 from testtools.twistedsupport import (
     succeeded,
+    failed,
 )
 from testtools.twistedsupport._deferred import (
     # I'd rather use https://twistedmatrix.com/trac/ticket/8900 but efforts
@@ -121,6 +123,7 @@ class LocalRemote(object):
         provides a simulated remote interface.
     """
     _referenceable = attr.ib()
+    check_args = attr.ib(default=True)
 
     def callRemote(self, methname, *args, **kwargs):
         """
@@ -132,7 +135,8 @@ class LocalRemote(object):
         :return Deferred: The result of the call on the wrapped object.
         """
         schema = self._referenceable.getInterface()[methname]
-        schema.checkAllArgs(args, kwargs, inbound=False)
+        if self.check_args:
+            schema.checkAllArgs(args, kwargs, inbound=False)
         # TODO: Figure out how to call checkResults on the result.
         return execute(
             self._referenceable.doRemoteCall,
@@ -480,6 +484,79 @@ class ShareTests(TestCase):
             Equals([]),
         )
 
+    @given(
+        storage_index=storage_indexes(),
+        secrets=tuples(
+            write_enabler_secrets(),
+            lease_renew_secrets(),
+            lease_cancel_secrets(),
+        ),
+        test_and_write_vectors_for_shares=test_and_write_vectors_for_shares(),
+    )
+    def test_client_cannot_control_lease_behavior(self, storage_index, secrets, test_and_write_vectors_for_shares):
+        """
+        If the client passes ``renew_leases`` to *slot_testv_and_readv_and_writev*
+        it fails with ``TypeError``, no lease is updated, and no share data is
+        written.
+        """
+        # First, tell the client to let us violate the protocol.  It is the
+        # server's responsibility to defend against this attack.
+        self.local_remote_server.check_args = False
+
+        # The nice Python API doesn't let you do this so we drop down to
+        # the layer below.  We also use positional arguments because they
+        # transit the network differently from keyword arguments.  Yay.
+        d = self.client._rref.callRemote(
+            "slot_testv_and_readv_and_writev",
+            # tokens
+            self.client._get_tokens(),
+            # storage_index
+            storage_index,
+            # secrets
+            secrets,
+            # tw_vectors
+            {
+                k: v.for_call()
+                for (k, v)
+                in test_and_write_vectors_for_shares.items()
+            },
+            # r_vector
+            [],
+            # add_leases
+            True,
+        )
+
+        # The operation should fail.  I'm not that concerned with how just
+        # yet.
+        self.expectThat(
+            d,
+            failed(Always()),
+        )
+
+        # There should be no shares at the given storage index.
+        d = self.client.slot_readv(
+            storage_index,
+            # Surprise.  shares=None means all shares.
+            shares=None,
+            r_vector=list(
+                list(map(write_vector_to_read_vector, vector.write_vector))
+                for vector
+                in test_and_write_vectors_for_shares.values()
+            ),
+        )
+        self.expectThat(
+            d,
+            succeeded(
+                Equals({}),
+            ),
+        )
+
+        # And there should be no leases on those non-shares.
+        self.expectThat(
+            list(self.anonymous_storage_server.get_slot_leases(storage_index)),
+            Equals([]),
+        )
+
 
 def write_vector_to_read_vector(write_vector):
     """
diff --git a/tahoe-lafs.nix b/tahoe-lafs.nix
index 5651110d1298f9ff8b330890a9efc3609600d0ea..466a2dc85c0239acba473637bddf7521350ecc4c 100644
--- a/tahoe-lafs.nix
+++ b/tahoe-lafs.nix
@@ -11,8 +11,8 @@ buildPythonPackage rec {
     owner = "LeastAuthority";
     repo = "tahoe-lafs";
     # HEAD of integration/storage-economics branch as of July 15th 2019.
-    rev = "e7bd717a3f1dc89e81df583fca177bb3d92ebfa2";
-    sha256 = "0s5w9r1zmagl16ig6642wn8dcpkwb6qn4816xbrzh1d7y3pr11rd";
+    rev = "b35a8908f4096ccae35da78b0e7dde96d6cf1667";
+    sha256 = "0n289hzx2s1jvspmpz2c5iwl0dvnfc8qbiqfmpbl88ymrjp7p6rr";
   };
 
   postPatch = ''