We currently use bisection to sync a lite client so we don't have to verify all headers. But this unsafe. It looks like doing bisection safely may require application specific components: #3244.
As an immediate remediation, we should verify all headers in order.