Solana Foundation

A logic error in anchor-lang versions 1.0.0 to 1.0.1 causes anchor programs to accept any program ID when requiring the system program ID, resulting in false assumptions that could lead to arbitrary CPI in programs invoking system program instructions, potentially leading to validation bypass and unauthorized account control.

The `InterfaceAccount` in `anchor-lang` allows an unexpected account type to be passed due to disabled discriminator checking, patched in version 1.0.0-rc.2 and later.