https://opencryptoaudit.org/reports/TrueCrypt_Phase_II_NCC_OCAP_final.pdf
copy and paste:
1.3 Findings Summary During the engagement, CS identified four (4) issues,
and none led to a complete bypass of confidentiality in common usage
scenarios. The standard workflow of creating a volume and making use of it
was reviewed, and no significant flaws were found that would impact it. The
most severe finding relates to the use of the Windows API to generate
random numbers for master encryption key material among other things. While
CS believes these calls will succeed in all normal scenarios, at least one
unusual scenario would cause the calls to fail and rely on poor sources of
entropy; it is unclear in what additional situations they may fail.
Additionally, CS identified that volume header decryption relies on
improper integrity checks to detect tampering, and that the method of
mixing the entropy of keyfiles was not cryptographically sound. Finally, CS
identified several included AES implementations that may be vulnerable to
cache-timing attacks. The most straightforward way to exploit this would be
using native code, potentially delivered through NaCl in Chrome; however,
the simplest method of exploitation through that attack vector was recently
closed of
