The malicious validator can enforce a “cascade” of solification requests as it is not possible to know how many missing blocks there are.
This makes the attack stop, but it does not guarantee that all nodes end up with a consistent view on validation blocks from the malicious node. As Andrew mentioned, a hard cap on throughput per issuer/validator is likely to introduce consistency issues
As for the punishment, another possibility is to decrement the Mana amount depending on the amount of spam.