If a Block Body doesn't match the contents merkle, the Block itself is considered invalid. Whoever submitted the hash/header will be disconnected. That said, we don't check the Block Body when we sync it. We check it after syncing the packets in the general sync code. Because of this, the wrong peer is disconnected.
Replacing contents with an elements merkle would fix this. That does mean Verification Packets are never included in any merkle in the header. Their sketch hashes are, yet these hashes are insecure (8-bytes; extremely feasible to collide). That said, the header signature does affirm packets, so this remains secure.
If a Block Body doesn't match the contents merkle, the Block itself is considered invalid. Whoever submitted the hash/header will be disconnected. That said, we don't check the Block Body when we sync it. We check it after syncing the packets in the general sync code. Because of this, the wrong peer is disconnected.
Replacing contents with an elements merkle would fix this. That does mean Verification Packets are never included in any merkle in the header. Their sketch hashes are, yet these hashes are insecure (8-bytes; extremely feasible to collide). That said, the header signature does affirm packets, so this remains secure.