diff --git a/evidence/red-team/2026-03-20.json b/evidence/red-team/2026-03-20.json
new file mode 100644
index 0000000..9108ba2
--- /dev/null
+++ b/evidence/red-team/2026-03-20.json
@@ -0,0 +1,80 @@
+{
+  "date": "2026-03-20",
+  "candidate": "Optimizer",
+  "optimizer_profile": "default",
+  "candidate_commit": "a1efa5942dd7ca863d069929ff0ca9b1909a1237",
+  "lm_eth_before": "999999999999999999998",
+  "lm_eth_after": "999999999999999999998",
+  "eth_extracted": 0,
+  "floor_held": true,
+  "verdict": "floor_held",
+  "strategies_tested": 7,
+  "strategies_total": 9,
+  "agent_runs": 2,
+  "methodology": "Each attack is snapshot-isolated: Anvil snapshot before, execute strategy, measure LM total ETH via LmTotalEth.s.sol, revert to snapshot. Per-attack delta_bps reflects the isolated measurement. Top-level lm_eth_after equals lm_eth_before because all attacks were individually reverted to the clean baseline.",
+  "attacks": [
+    {
+      "strategy": "Buy → Recenter → Sell (200 ETH round trip)",
+      "pattern": "buy → recenter → sell",
+      "result": "INCREASED",
+      "delta_bps": 24,
+      "insight": "The 1% Uniswap V3 pool fee is the primary defense. 200 ETH round trip generates ~2.4 ETH in fees for the LM. Fee income far exceeds any IL from repositioning."
+    },
+    {
+      "strategy": "Buy → Recenter → Sell (800 ETH round trip)",
+      "pattern": "buy → recenter → sell",
+      "result": "INCREASED",
+      "delta_bps": 1179,
+      "insight": "800 ETH buy moves price ~4000 ticks into concentrated positions, causing massive slippage. The attacker receives far fewer KRK per ETH as the trade moves through increasingly thin liquidity. Combined 1% pool fees and adverse slippage on both legs result in ~118 ETH net transfer to LM. Floor position (~75% of LM ETH in 200 ticks) absorbs the sell leg."
+    },
+    {
+      "strategy": "Multi-cycle buy → recenter (3×500 ETH) → sell all",
+      "pattern": "buy → recenter_multi → sell",
+      "result": "INCREASED",
+      "delta_bps": 465,
+      "insight": "Multiple buy-recenter cycles compound fee income. 1500 ETH total volume generated ~46.5 ETH in fees + slippage. Each recenter repositions liquidity at the current price; subsequent trades pay fees at new ticks."
+    },
+    {
+      "strategy": "Extreme Buy (2050 ETH) → Recenter at Deep Tick → Sell All",
+      "pattern": "buy → recenter → sell",
+      "result": "INCREASED",
+      "delta_bps": 3746,
+      "insight": "2050 ETH far exceeds pool depth (~1000 ETH in positions), causing extreme slippage on both legs. The attacker loses ~374 ETH (~18% of input) — mostly to slippage through thin liquidity beyond the concentrated positions, not just the 1% fee. The LM captures all of this as position value increase. Demonstrates that over-sized trades are self-defeating."
+    },
+    {
+      "strategy": "Stake to change optimizer params → exploit repositioning",
+      "pattern": "buy → stake → recenter",
+      "result": "INCREASED",
+      "delta_bps": 500,
+      "insight": "Staking parameter changes do not create exploitable repositioning windows. The +500 bps is from the buy-leg fee + slippage (50 ETH buy). Staking itself has no effect on LM ETH."
+    },
+    {
+      "strategy": "Exploit discovery position WETH consumption + asymmetric repositioning",
+      "pattern": "buy → recenter → sell",
+      "result": "INCREASED",
+      "delta_bps": 1179,
+      "insight": "Discovery position WETH consumption does not weaken the floor enough to enable extraction. Tested as 800 ETH round trip variant. 1% fee + slippage dominates all round-trip strategies. Subsumed by attack 2 (same pattern at same volume)."
+    },
+    {
+      "strategy": "One-way sell — buy KRK, recenter, sell at stale positions (no second recenter)",
+      "pattern": "buy → recenter → sell",
+      "result": "INCREASED",
+      "delta_bps": 24,
+      "insight": "Even without follow-up recenter, LM gained ETH. The cost of acquiring KRK (buy-leg fees + slippage) exceeds what can be extracted by selling through stale positions. Tested at 200 ETH. Subsumed by attack 1 (same effective pattern)."
+    },
+    {
+      "strategy": "Send KRK Directly to LM + Recenter (Supply Manipulation)",
+      "pattern": "buy → transfer → recenter",
+      "result": "INCREASED",
+      "delta_bps": 1000,
+      "insight": "Sending KRK to LM acts as a donation — reduces outstandingSupply and gives LM free KRK. Combined with 100 ETH buy-leg fees + slippage (~100 ETH total LM gain). Floor calculation handles reduced supply gracefully."
+    },
+    {
+      "strategy": "Floor Ratchet Extraction — initial phase only (buy → recenter_multi → sell through floor)",
+      "pattern": "buy → recenter_multi → sell",
+      "result": "INCREASED",
+      "delta_bps": 1179,
+      "insight": "Tests the initial phase of the known floor ratchet vector (#630). 800 ETH buy crashes price ~4000 ticks; only 1 of 10 recenters succeeds (TWAP oracle blocks the rest). Sell through floor fully absorbed. Net: LM gains ~118 ETH. IMPORTANT: this does NOT test the full 2000-trade oscillation variant that produced profitable outcomes (9/34 runs, up to +178 ETH extracted). That variant gradually drifts TWAP to bypass oracle protections. A dedicated full-sequence run is tracked as follow-up (#1082)."
+    }
+  ]
+}