Hi @sirphemmiey,
When using ERC20 tokens with a contract to “do stuff”, you need to use the approve and then transferFrom pattern, requiring two transactions.
If the ERC20 token is an OpenZeppelin implementation then you should use increaseAllowance.
Alternatively you could look at creating ERC777 tokens (no need to do approve and transferFrom in two separate transactions). See the documentation for details: https://docs.openzeppelin.com/contracts/2.x/tokens#ERC777
As far as security, smart contracts should be appropriately tested and audited. For testing, see the following guide: Test smart contracts like a rockstar
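The approve / transferFrom pattern described in the reply above, as an added example that is not part of the original post or of OpenZeppelin's code. The `TokenSink` contract and its `deposit` function are hypothetical names; the interface is the subset of ERC20 the example needs. Transaction 1 is the user calling `approve` (or `increaseAllowance` on an OpenZeppelin token) on the token contract itself; transaction 2 is the call to `deposit`, which pulls the tokens with `transferFrom`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example (not from the original post): the ERC20 functions this contract needs.
interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function allowance(address owner, address spender) external view returns (uint256);
}

// Hypothetical contract that "does stuff" with a user's tokens.
contract TokenSink {
    IERC20 public immutable token;
    mapping(address => uint256) public balances;

    event Deposited(address indexed from, uint256 amount);

    constructor(IERC20 _token) {
        token = _token;
    }

    // Transaction 2 of the pattern. The caller must already have done transaction 1:
    //   token.approve(address(thisContract), amount)            // plain ERC20
    //   token.increaseAllowance(address(thisContract), amount)  // OpenZeppelin ERC20
    // Without that allowance, transferFrom below fails.
    function deposit(uint256 amount) external {
        require(amount > 0, "amount is zero");
        require(token.allowance(msg.sender, address(this)) >= amount, "allowance too low");

        // Check the boolean return value: some tokens return false instead of reverting.
        bool ok = token.transferFrom(msg.sender, address(this), amount);
        require(ok, "transferFrom failed");

        // Update internal accounting only after the transfer succeeded.
        balances[msg.sender] += amount;
        emit Deposited(msg.sender, amount);
    }
}
```

Two caveats a reviewer would want to see: the explicit `require(ok, ...)` matters because a non-reverting token that returns `false` would otherwise leave `balances` credited with nothing received; and some widely used tokens return no boolean at all, which is the reason OpenZeppelin ships `SafeERC20` (`safeTransferFrom`) as a wrapper that handles both behaviours. The `increaseAllowance` recommendation in the reply avoids the known ordering problem with resetting a non-zero allowance via `approve`.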