Can't be solved; it's always possible, but we can minimize the risk through audits, eyes on code, and being cautious with upgrades to that part of the protocol.
A lot more info here:
https://sethforprivacy.com/posts/dispelling-monero-fud/#you-cant-audit-the-monero-supply