Right now checkpoint sync does not retry if it encounters an error, neither does it punish the peer that produces data that failed verification.
Checkpoint sync should:
punish the offending peer, just similarly to what the p2p client does,
retry upon reaching an error related to malicious peer/data, the p2p client will then reach out to the current set of peers minus the last offending peer.
Right now checkpoint sync does not retry if it encounters an error, neither does it punish the peer that produces data that failed verification.
Checkpoint sync should: