I understand why pull payments are better suited for Ether transfers than simply transferring ether from one account to another via a contract (gas limit and reentrancy). Does the same apply if my contract transfers an ERC20 token (I.e. should I be using a similar pullpayment pattern)?
Alternatively, if I am withdrawing to a trusted account (in this case contract owner), do I need to be concerned about reentrancy attacks, even for Ether?
HI @haydenyoung ,
Welcome to the community 
It doesn’t, as a recipient of an ERC20 transfer isn’t triggered/notified.
I would recommend considering what could happen, even if you choose to do nothing in that instance.
I suggest having a look at: Reentrancy After Istanbul
Hi @abcoathup and thanks for the warm welcome.
Yes I thought this might be the case because of the lack of transfer, send, call, etc but good to get confirmation.
I decided to provide a pull payment mechanism for both erc20 withdrawals (using my own escrow mechanism) AND ether (using OZ PullPayments). I figured at the very least it would reduce gas costs on each payment into the contract.
Thanks, and, yes, that was what got be thinking about how best to handle this. Good to know I’m on the right track.