Zcoin implementation bug enabled attacker to create 548,000 Zcoins
Atila Neves via Digitalmars-d
digitalmars-d at puremagic.com
Tue Mar 7 09:45:13 PST 2017
On Tuesday, 7 March 2017 at 06:59:38 UTC, Walter Bright wrote:
> On 3/6/2017 10:06 PM, Jack Stouffer wrote:
>> To be fair, this also would have been caught with proper
>> testing ... which
>> obviously didn't happen.
>
> My idea of fair is it should never have gotten past the
> compiler. It's a simple mistake for the compiler to detect.

clang 3.9.1 with 0 flags used:

$ cat zcoin.cpp
int main() {
    int a, b;
    a == b;
}
$ clang++ zcoin.cpp
zcoin.cpp:3:7: warning: equality comparison result unused [-Wunused-comparison]
    a == b;
    ~~^~~~
zcoin.cpp:3:7: note: use '=' to turn this equality comparison into an assignment
    a == b;
      ^~
      =
1 warning generated.

gcc, sadly, warns about nothing by default but does with `-Wall`.
But... anyone not using `-Wall -Wextra -Werror` on a new C++
codebase shouldn't be writing C++ AFAIC*. And then there's the
aforementioned lack of adequate testing.

Does D do better? Sort of (clang issues a warning, which I know
can be and is often ignored). Is this an example of amateur hour
by the Zcoin devs? Indubitably.

Atila

* Maybe there should be something like a driver's license for C++
where devs have to pass a test before they're allowed to write
code. Something like "Do you know how to use std::enable_if
without looking at cppreference.com? No? Fail." (I'd fail, I
_always_ have to look up how to use enable_if. Then again, it
_is_ a horrible hacky hack of a hack based on the hack that is
SFINAE).
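
Added example (not part of the post above and not Zcoin project code): since the warning shown above is easy to ignore, a CI step can check that every translation unit in a Clang-style compile_commands.json is built with `-Wall -Wextra -Werror` and that nothing switches the relevant diagnostics back off. The function names, the sample database and the file names wallet.cpp and strict.cpp are constructed for illustration.

```python
import json
import shlex
import sys

# Flags the post asks for on any new C++ code base.
REQUIRED = ("-Wall", "-Wextra", "-Werror")
# Flags that hide the `a == b;` diagnostic again even when REQUIRED is present:
# -w silences all warnings; the other two disable the gcc and clang warning classes.
SUPPRESSORS = ("-w", "-Wno-unused-value", "-Wno-unused-comparison")

def audit_entry(entry):
    """Return the list of problems for one compilation-database entry."""
    # An entry carries either an "arguments" list or a single "command" string.
    args = entry.get("arguments") or shlex.split(entry["command"])
    problems = [f"missing {flag}" for flag in REQUIRED if flag not in args]
    for arg in args:
        # -Wno-error and -Wno-error=<class> both demote errors back to warnings.
        if arg in SUPPRESSORS or arg.startswith("-Wno-error"):
            problems.append(f"suppressed by {arg}")
    return problems

def audit(database_json):
    """Map each source file to its problems; an empty dict means the gate passes."""
    report = {}
    for entry in json.loads(database_json):
        problems = audit_entry(entry)
        if problems:
            report[entry["file"]] = problems
    return report

# Constructed sample database: one unit with no warning flags, one that
# weakens -Werror, and one that is configured as the post recommends.
SAMPLE_DB = json.dumps([
    {"directory": "/build", "file": "zcoin.cpp",
     "command": "clang++ -c zcoin.cpp -o zcoin.o"},
    {"directory": "/build", "file": "wallet.cpp",
     "arguments": ["g++", "-Wall", "-Wextra", "-Werror",
                   "-Wno-error=unused-value", "-c", "wallet.cpp"]},
    {"directory": "/build", "file": "strict.cpp",
     "command": "g++ -Wall -Wextra -Werror -c strict.cpp"},
])

if __name__ == "__main__":
    findings = audit(SAMPLE_DB)
    for path, problems in findings.items():
        print(f"{path}: {', '.join(problems)}")
    sys.exit(1 if findings else 0)
```
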