I've identified serious bugs that were lurking in large legacy codebases for years with this approach. Whenever I read code I always try to find the gaps between "what was the author(s) trying to do?" and "what does this code actually do?" There's often quite a lot of space between those two, and almost always that space is where you find the bugs.