diff --git a/website/server/controllers/api-v3/challenges.js b/website/server/controllers/api-v3/challenges.js
index 150293c1ed..7db05352c2 100644
--- a/website/server/controllers/api-v3/challenges.js
+++ b/website/server/controllers/api-v3/challenges.js
@@ -575,7 +575,7 @@ api.getChallenge = {
 
     // Fetching basic group data
     const group = await Group.getGroup({
-      user, groupId: challenge.group, fields: `${basicGroupFields} purchased`, optionalMembership: true,
+      user, groupId: challenge.group, fields: `${basicGroupFields} purchased`,
     });
     if (!group && !challenge.canView(user, group)) throw new NotFound(res.t('challengeNotFound'));
     const chalRes = challenge.toJSON();
diff --git a/website/server/models/challenge.js b/website/server/models/challenge.js
index 73092238cf..e5a7814558 100644
--- a/website/server/models/challenge.js
+++ b/website/server/models/challenge.js
@@ -93,6 +93,7 @@ schema.methods.canModify = function canModifyChallenge (user) {
 schema.methods.canJoin = function canJoinChallenge (user, group) {
   // for when leader has left private group that contains the challenge
   if (this.isLeader(user)) return true;
+  if (!group) return false;
   if (group.type === 'guild' && group.privacy === 'public') {
     return group._id === TAVERN_ID;
   }