It looks like the synchronization code picks the peer which gives the highest block height, and then tries to synchronize only from them.
This looks very vulnerable to a misbehaving peer which has a higher block height but will not synchronize to that height. Instead the block tree should be built from all connected peers, and a peer not judged as certainly providing the highest height until it has actually provided valid blocks at that height.
See https://github.com/Qoracoin/Qora/blob/master/Qora/src/controller/Controller.java#L693
It looks like the synchronization code picks the peer which gives the highest block height, and then tries to synchronize only from them.
This looks very vulnerable to a misbehaving peer which has a higher block height but will not synchronize to that height. Instead the block tree should be built from all connected peers, and a peer not judged as certainly providing the highest height until it has actually provided valid blocks at that height.
See https://github.com/Qoracoin/Qora/blob/master/Qora/src/controller/Controller.java#L693