Understanding PullPayment

Hello,

I’m not sure to understand the proper process in order to use PullPayment and avoid security issues.
Let’s say I have a contract that inherits PullPayment. If we use the example from [https://consensys.github.io/smart-contract-best-practices/recommendations/#favor-pull-over-push-for-external-calls](https://Consensys Security) of a bidding function.

  1. Is this the right approach to make a bidding/auction contracts inherits from PullPayment?
  2. Their bid() function uses a mapping to match address entitles to refunds.
    In the case of PullPayment, should I also create an additional mapping or can my bid() function directly call _asyncTransfer(bidder, amount)? I have seen PullPayment inherites from Escrow which has a similar mapping.

it’s not very clear in my mind lol.
Thanks