Hacker News

I audited once whether an application was using nonces the correct way with libcrypto of OpenSSL. Suffice it to say, that wasn't documented at all (I think it still isn't); in the end I dug through the implementation and wrote my own tests as well. Seems to be more common than I thought.

And why would you document that? It's not like it's one of the most common implementation mistakes to handle IVs incorrectly.


