From Dec 2, 2024 to Dec 27, 2024, RISC Zero engaged Veridise to conduct a follow up security assessment of their ZKVM. The previous audit performed by Veridise covered most of their ZKVM implementation including parts of the prover, verifier, recursion circuits, default host implementation, and their new arithmetization of the RISC-V CPU in their V2 circuit DSL. The follow up engagement was intended to review a new implementation of the RISC-V big integer precompile (referred to as Bigint2). Veridise conducted the assessment over 8 person-weeks, with 2 security analysts reviewing the project over 4 weeks.