The OP is talking about the inability to audit the code actually running at the time of voting. You can audit the code in the repo all you like, but if the hardware of the voting machine is compromised, or the code you audit is modified or replaced sometime before execution, or there is other malicious code running on the machine interfering with the voting, then your audit is useless.
Require (by law) that the actual machines be available for potential inspection for X weeks/months after each election. If there is suspicion of fraud/issues, inspection happens on the machines that have been stored since the election. Since the machines are offline the entire time (by design it seems), manipulation doesn't seem that easy, granted the machines are stored in a secure location in the meantime.
I wasn’t suggesting manipulation was easy. But for a sufficiently motivated and resourced actor with direct or indirect physical access to the machine, all bets are off.